Malware Domain List

Malware Related => Malicious Domains => Topic started by: jackberri on January 31, 2010, 12:27:51 pm

Title: New files for Zeus servers
Post by: jackberri on January 31, 2010, 12:27:51 pm
config url:

Code: [Select]
hxxp://115.100.250.86/us/orders.xls
md5sum ===> 6974b30e1a4efdd4f1cc0f79151f321a
Title: Re: New files for Zeus servers
Post by: jackberri on January 31, 2010, 12:39:46 pm
and

Code: [Select]
hxxp://115.100.250.86/us/test/orders1.xls
Title: Re: New files for Zeus servers
Post by: jackberri on February 01, 2010, 06:32:43 pm
Code: [Select]
hxxp://91.206.201.14/~canada/wes/qasqw.bin
Title: Re: New files for Zeus servers
Post by: jackberri on February 02, 2010, 05:55:43 pm
Code: [Select]
hxxp://uyerfbvo.cn/primo/numo.bin
Title: Re: New files for Zeus servers
Post by: jackberri on February 07, 2010, 09:38:37 am
Code: [Select]
hxxp://193.104.27.110/wtf/ins1w.rar
md5sum ===> 16bcf0c69a08716219497596483559a4
http://www.virustotal.com/analisis/e81fd80eafb9f33343dba102b78b68fc432bd38d79e0fc2422d5db5454934d41-1265401010
VT 6/40 (15.00%)
Title: Re: New files for Zeus servers
Post by: jackberri on February 07, 2010, 11:24:40 am
Code: [Select]
hxxp://www.artsandcrafts.co.uk/png/index.exe
http://www.virustotal.com/analisis/0dc07b4fe24e3eb8b56550a78db5620938625f68894a4b21792c7af6f5c705ef-1265541802
Title: Re: New files for Zeus servers
Post by: jackberri on February 09, 2010, 12:11:17 am
Code: [Select]
hxxp://bl.fcrazy.com/hhf/mmn.bin
Title: Re: New files for Zeus servers
Post by: jackberri on February 09, 2010, 11:05:00 am
Code: [Select]
hxxp://87.242.115.123[115.242.87.in-addr.arpa]
AS25532

abuse@masterhost.ru

config url:
Code: [Select]
hxxp://87.242.115.123/Img
trojan:
Code: [Select]
hxxp://87.242.115.123/z.exe
http://www.virustotal.com/analisis/f755425c6ed5a0ba0c1ce042d2aa09d909b7f0871967bffcb2b322f65806969a-1265712778
VT 19/41 (46.35%)
md5sum ===> a55b5b6a65a5372c65e3ef94fe05d071
dropzone:
Code: [Select]
hxxp://87.242.115.161/2k8/gate.php?id=3cd5e97e
Title: Re: New files for Zeus servers
Post by: jackberri on February 09, 2010, 02:53:15 pm
Zeus trojan for
Code: [Select]
z130217.infobox.ru:

Code: [Select]
hxxp://carderam.com[9.10.79ae.static.theplanet.com]
IP: 174.121.16.9
Code: [Select]
hostgator.com/domains
AS21844

Creation date: 29 Jan 2010

IP Location:  United States  - Texas - Dallas - Theplanet.com Internet Services Inc

Registrant: Anders Nielsen
email: support@hostgator.com

Code: [Select]
hxxp:carderam.com/instal/qw.exe
md5sum ===> db44269456d4ac033c8d37f33a5c9f4f
http://www.virustotal.com/analisis/66e5d406a758f933b8fbc66f55693aebbb55972f00d6c75b34cdd7ee62411d06-1265726840
VT 10/41 (24.4%)
Title: Re: New files for Zeus servers
Post by: jackberri on February 10, 2010, 11:56:14 am
Code: [Select]
androzo.ru/ccc/androzo2.ngf
md5sum ===>c4aa1353bdbbe445a9988c3c5a1bf167
Title: Re: New files for Zeus servers
Post by: jackberri on February 10, 2010, 04:05:14 pm
Code: [Select]
hxxp://94.75.228.245[hosted-by.leaseweb.com]
AS16265

zeus trojan:
Code: [Select]
hxxp://94.75.228.245/l2/1.php
==> us12.exe 2e3a89eef66c632778365ef08b79a9ed
http://www.virustotal.com/analisis/6d53c57069a7e307b97bcc8fbaf5b1dc98e1b9222b1492157f1859e3449a5413-1265817198

Code: [Select]
hxxp://94.75.228.245/l2/stat.php
redirects to
Code: [Select]
hxxp://www.panel911.com/traffic/in.cgi?google3
config url:
Code: [Select]
hxxp://94.75.228.245/us4/base
md5sum ===> 59c74d0e15c2c9d9b03ee4340f719922

trojan
Code: [Select]
hxxp://94.75.228.245/l2/2.php
==> x.exe 8b4bd8d9cec03e627865f6a03b495634
http://www.virustotal.com/analisis/94d02bfdab79f1d852b49eb8acd0fb4099d03010e1e9403c396ece8da2234dd6-1265817006
Title: Re: New files for Zeus servers
Post by: jackberri on February 10, 2010, 05:20:16 pm

trojan
Code: [Select]
hxxp://94.75.228.245/l2/2.php
==> x.exe 8b4bd8d9cec03e627865f6a03b495634
http://www.virustotal.com/analisis/94d02bfdab79f1d852b49eb8acd0fb4099d03010e1e9403c396ece8da2234dd6-1265817006

[...]
Open file: fWezuS.GPE
                       ^ ^^^
Title: Re: New files for Zeus servers
Post by: jackberri on February 14, 2010, 08:08:14 pm
Code: [Select]
hxxp://115.100.250.119/us/proview.exe
md5sum ===> 6e1db6cf6832f592adf0be5fd065060d
http://www.virustotal.com/analisis/32e2fab7e52e1f8f1a829a9196fee50b2fe61a93a67f98ba69147ffecb4050e1-1266177710
Code: [Select]
hxxp://115.100.250.119/us/pv.xls
md5sum ===> 59dec669a761eb0fc8ace722757c7e63
Code: [Select]
hxxp://115.100.250.119/7tImbTH8HY.php
Title: Re: New files for Zeus servers
Post by: jackberri on February 15, 2010, 08:46:45 pm
Code: [Select]
hxxp://115.100.250.81/uk/price.xls
md5sum ===> 89be72d5ec6063d2cc760720af17085b
Title: Re: New files for Zeus servers
Post by: jackberri on February 18, 2010, 03:54:58 pm
zeus trojans (and other related malware):

Code: [Select]
hxxp://bhostonline.com/loaderadv562.exe
md5sum ===> afe0c42bd76163762ac798938046743a

for:
Code: [Select]
hxxp://96.9.183.149/app21.bin
hxxp://174.36.237.84/app21s.bin    incoming?



Code: [Select]
hxxp://bhostonline.com/loaderadv563.exe
md5sum ===> 5b12cf0e2439517af6af8c8ba6b0f7b4

for
Code: [Select]
hxxp://174.36.237.84/app21s.bin
Title: Re: New files for Zeus servers
Post by: SysAdMini on February 18, 2010, 06:26:11 pm
zeus trojans (and other related malware):
Code: [Select]
hxxp://bhostonline.com/loaderadv562.exe
md5sum ===> afe0c42bd76163762ac798938046743a
for:
Code: [Select]
hxxp://96.9.183.149/app21.bin
hxxp://174.36.237.84/app21s.bin    incoming?

Code: [Select]
hxxp://bhostonline.com/loaderadv563.exe
md5sum ===> 5b12cf0e2439517af6af8c8ba6b0f7b4
for
Code: [Select]
hxxp://174.36.237.84/app21s.bin

No Zeus.
Title: Re: New files for Zeus servers
Post by: jackberri on February 18, 2010, 09:54:31 pm
Code: [Select]
hxxp://camerinorestaurant.com/data_bak/booking.gif
md5sum ===> b770e441c0895780e97dda9f4f451cf6
http://camas.comodo.com/cgi-bin/submit?file=1b0efba7105ec95eae83b6b5d768982a7be7ce7ab9c94f8f672a3d60b8e1f642
Code: [Select]
hxxp://camerinorestaurant.com/data_bak/dinner.gif
md5sum ===> 31aa27b634d83f5e40d760b15272ff65
Code: [Select]
hxxp://camerinorestaurant.com/data_bak/feedback.gif
md5sum ===> 9873aabb10242b6bd4e8064855d72090
Code: [Select]
hxxp://camerinorestaurant.com/data_bak/lunch.gif
md5sum ===> 156816d80ee0773b7fe86372936b2704
Code: [Select]
hxxp://camerinorestaurant.com/data_bak/party.gif
md5sum ===> f3559c7f5b41e14d2af00755962fc3ef
Code: [Select]
hxxp://camerinorestaurant.com/data_bak/wine.gif
md5sum ===> 0e936e1ce527ced4ae4dbe10433eeefc
Title: Re: New files for Zeus servers
Post by: jackberri on February 19, 2010, 11:38:35 pm
Code: [Select]
hxxp://kalowweb.de/1/images/css.png
md5sum ===> bf4556e525fa41e017d97d8bb6a6236e
http://www.virustotal.com/es/analisis/5e2c1af0f53abda78f376ca269c6b97aec8ec48e5a9e001981de91d15435edd8-1266622344
Title: Re: New files for Zeus servers
Post by: jackberri on February 20, 2010, 12:01:42 am
Code: [Select]
hxxp://195.78.108.22/brgr/config.bin
md5sum ===> 6996992a601cb082d3e7e5f5ba4153c5
Title: Re: New files for Zeus servers
Post by: jackberri on February 23, 2010, 01:30:46 pm
Code: [Select]
hxxp://apsight.ru/123/valid.exe
md5sum ===> 507f74fc84bf3db508e09f9d0f0f6869
http://www.virustotal.com/analisis/fd5ebde8cb1861f0532a414edb9ba123737daee9c57f8b53ae77ccd4055e9f5e-1266924790
Title: Re: New files for Zeus servers
Post by: jackberri on February 23, 2010, 02:45:03 pm
Code: [Select]
http://yrots.ru/56/antirap.exe
md5sum ===> 4e3e8d63bb90e09a34478e201202b255
IP:91.201.28.43
Title: Re: New files for Zeus servers
Post by: jackberri on February 23, 2010, 02:52:48 pm
IP:91.201.28.43

IP is :92.241.176.18
Title: Re: New files for Zeus servers
Post by: SysAdMini on February 23, 2010, 03:17:00 pm
Code: [Select]
http://yrots.ru/56/antirap.exe
md5sum ===> 4e3e8d63bb90e09a34478e201202b255
IP:91.201.28.43

I don't know what it is, but it isn't Zeus.

http://www.threatexpert.com/report.aspx?md5=4e3e8d63bb90e09a34478e201202b255

I guess you found the url in this TE report. This sample drops Zeus, but not only Zeus.

http://www.threatexpert.com/report.aspx?md5=1799a729fc7cadf40d1e3c6d9d35d9ba
Title: Re: New files for Zeus servers
Post by: SysAdMini on February 23, 2010, 03:17:30 pm
IP:91.201.28.43

IP is :92.241.176.18

??
Title: Re: New files for Zeus servers
Post by: jackberri on February 23, 2010, 03:52:26 pm
I don't know what it is, but it isn't Zeus.

You're right
Title: Re: New files for Zeus servers
Post by: jackberri on February 23, 2010, 03:53:49 pm
IP:91.201.28.43

IP is :92.241.176.18

??

The first ip (91.201.28.43) is wrong :(
Title: Re: New files for Zeus servers
Post by: SysAdMini on February 23, 2010, 03:57:15 pm
IP:91.201.28.43

IP is :92.241.176.18

??

The first ip (91.201.28.43) is wrong :(

You can modify your existing messages.  ;)
Title: Re: New files for Zeus servers
Post by: jackberri on February 23, 2010, 05:52:52 pm
You can modify your existing messages.  ;)

Errare humanum est  ;)
Title: Re: New files for Zeus servers
Post by: jackberri on February 24, 2010, 08:18:53 am
Code: [Select]
hxxp://rapidshare.com/files/354880881/powt
md5sum ===> d3457887e4410b493e0c7790bf9dfc1d

Doesn't seem to be a zeus...
http://camas.comodo.com/cgi-bin/submit?file=6ec4ad4ffe87252cda23eae344725a112c5736d116494362866b9ef0f418c1cd
http://www.sunbeltsecurity.com/cwsandboxreport.aspx?id=12056452&cs=D6CD35A5722D460D654AC6348EA5417F

but:
http://www.virustotal.com/analisis/6ec4ad4ffe87252cda23eae344725a112c5736d116494362866b9ef0f418c1cd-1266995507
VT 3/41 (7.32%)
Title: Re: New files for Zeus servers
Post by: jackberri on February 26, 2010, 02:06:20 pm
Code: [Select]
hxxp://googlanaliktics.com/QWEASDZXCV/gate.php
hxxp://googlanaliktics.com/german/US/config.bin
Title: Re: New files for Zeus servers
Post by: jackberri on February 26, 2010, 07:32:10 pm
Code: [Select]
hxxp://91.201.196.76/AHeom1Bo.iDiek2ch
md5sum ===> 244dc24135b9d9f87ecbf9fd3b4a6b4c
Code: [Select]
hxxp://91.201.196.76/iris5Qui.exe
md5sum ===> fca84e878160cf36febac7ccba0d4888
http://www.virustotal.com/analisis/7fe5a812ed94dc6e97b895637940a44e465b67d8f981a7736f0be2f052c614bb-1267211515
Title: Re: New files for Zeus servers
Post by: jackberri on February 27, 2010, 09:06:21 am
Code: [Select]
hxxp://193.104.27.218/post.bin
md5sum ===> b78be222172d9bd52c9587c843fd2c46

Code: [Select]
hxxp://flashplayeradobe.com/theblog/confis/img4.bin
md5sum ===> d3b5d4fca953061f3c271681de5d771f
Title: Re: New files for Zeus servers
Post by: SysAdMini on February 27, 2010, 06:57:39 pm
payload of Neosploit
Code: [Select]
yburuvaeqcv.com/nte/none1/eHdfd932d2V0100f070006R00000000102T94505591201l0409Kefdaad91320
http://www.virustotal.com/analisis/9b0527619045586eec68d1f814ebab6a4ceae60421e2ecdc43834aed8bcdee25-1267290840
Symantec    20091.2.0.41    2010.02.27    Suspicious.Insight
File size: 160256 bytes
MD5   : 69b30727462f25b85545097b02df143b

http://wepawet.cs.ucsb.edu/view.php?hash=202d426f1de05fb2e57bc007ef30e688&t=1267296177&type=js
http://camas.comodo.com/cgi-bin/submit?file=9b0527619045586eec68d1f814ebab6a4ceae60421e2ecdc43834aed8bcdee25
Title: Re: New files for Zeus servers
Post by: jackberri on February 28, 2010, 06:19:31 pm
config file:

Code: [Select]
hxxp://abouttraffic.net/newstyle/clock.jpg
md5sum ===> 12c1d525b4301d2689e1c6fac4e24aef
Title: Re: New files for Zeus servers
Post by: SysAdMini on February 28, 2010, 06:26:51 pm
payload of Neosploit
Code: [Select]
jbaagpepjvc.com/nte/NONE1/eH9ae811f6V0100f070006R00000000102Td162bb94201l0409K814e2733320
http://www.virustotal.com/analisis/58e19cb04db75f35ba3bd527f20b36c9aa554ab1b186c17495b9875ac062c56c-1267362964
Symantec    20091.2.0.41    2010.02.28    Suspicious.Insight
File size: 125440 bytes
MD5   : 5dff719b2a9d5fc2b9a369d9808bd3a7

http://wepawet.cs.ucsb.edu/view.php?hash=526d81910a8ae98f92e840aedcb4170a&t=1267378902&type=js
http://camas.comodo.com/cgi-bin/submit?file=58e19cb04db75f35ba3bd527f20b36c9aa554ab1b186c17495b9875ac062c56c
Title: Re: New files for Zeus servers
Post by: jackberri on March 01, 2010, 01:48:59 pm
Code: [Select]
hxxp://capital-team.net/team/cfg.bin
md5sum ===> 0d15f0ac36cbef02e3f28933547343c0
Code: [Select]
hxxp://capital-team.net/team/aol.exe
md5sum ===> ac7adbd782df65336a4f1591133696ae
http://www.virustotal.com/analisis/41539eb2956dcd5d3326b8d275861d27e5a0eff7cc71fb4c5d8dacf460250171-1267450872
VT 11/42 (26.2%)
Code: [Select]
hxxp://capital-team.net/team/method/pagina.php
Code: [Select]
hxxp://updateinfo22.com/bde/bin9.xls
md5sum ===> 2e599a8c2981057dfea9af8d76814391
Title: Re: New files for Zeus servers
Post by: jackberri on March 02, 2010, 05:11:45 pm
Code: [Select]
hxxp://myperfection.ru/forum2/feb24.txt
md5sum ===> 8ffe2d882298c451573e0adaf10fdbd7

Code: [Select]
hxxp://91.201.196.76/thie5A.ohJ5th
md5sum ===> f0fc7538bcbbd9802629c6054dce6f79
Title: Re: New files for Zeus servers
Post by: jackberri on March 02, 2010, 10:44:39 pm
zeus/wsnpoem v1

Code: [Select]
hxxp://94.75.228.245/us5/base
md5sum ===> e1f810f74ebf1ec0a17f1cf33533ca15
Code: [Select]
hxxp://94.75.228.245/us5/us4.exe
md5sum ===> b464f150f96dc162bc95ec45ed6280d2
http://www.virustotal.com/analisis/71ad3f8a60faa1972f698722e6f7153a25e6664c6527b91939fb48153346b888-1267569395
VT 10/41 (24.4%)
Code: [Select]
hxxp://94.75.228.245/us5/us4.php
Title: Re: New files for Zeus servers
Post by: jackberri on March 03, 2010, 08:43:13 pm
Code: [Select]
hxxp://intrunans.biz/etc/404.php
Code: [Select]
hxxp://intrunans.biz is online
Title: Re: New files for Zeus servers
Post by: jackberri on March 04, 2010, 07:13:45 pm
zeus trojan for 91.201.196.107
Code: [Select]
hxxp://yrots.ru/8/exeusn2.exe
md5sum ===> 074e4df5c91ab97737fbc4e7a667c87d
http://www.virustotal.com/analisis/5a1bdb710b3d4f5514f796cc2ea2f022754e2fa04ca07e112fcbcb7a4a69df1d-1267729595
VT 15/42 (35.72%)

Code: [Select]
hxxp://allnatroniksssss.com/Z/gtgt.php
Title: Re: New files for Zeus servers
Post by: jackberri on March 05, 2010, 05:11:39 pm
Code: [Select]
hxxp://abouttraffic.net/news/dim.exe
md5sum ===> 446584f46022015f78682ac52e35465f
http://www.virustotal.com/analisis/58843c8a672c5b4b2d971bf23fca227a09750ccd21a52fac43013a5b7c160dd4-1267808447
VT 10/42 (23.81%)
Title: Re: New files for Zeus servers
Post by: jackberri on March 06, 2010, 09:05:09 am
Code: [Select]
hxxp://cargoworldexchange.com/trendi_duglas/iojfiowejfio/tytorials.bin
md5sum ===> 82b4c86ad81ef3e8f2ceb7d39fa425c1
Code: [Select]
hxxp://globalunitrack.com/x_XpoDVVa/get_666/sammer_head.php
Title: Re: New files for Zeus servers
Post by: jackberri on March 11, 2010, 01:30:14 pm
Code: [Select]
hxxp://davaydavay.net/davay/aol.exe
md5sum ===> 04390b118e86ca4a5af5ecf59dc0b1c8
http://www.virustotal.com/analisis/1ae41bb6a006c4f15ad4c57a34f78102d7a11066f5b9a206957b3569d10d4fd7-1268313974
VT 15/42 (35.72%)
Title: Re: New files for Zeus servers
Post by: jackberri on March 14, 2010, 12:13:41 pm
Code: [Select]
hxxp://lipesnaskom.com/cgi-binn/lus.exe
md5sum ===> e399d9b9aff77abb06ca0e1d1f68b0d3
SHA256   ===> b532ca007b92f861c7534da925875ad42189e253557b7f4e6ffe96ea0d00f776
http://www.virustotal.com/analisis/b532ca007b92f861c7534da925875ad42189e253557b7f4e6ffe96ea0d00f776-1268568137
VT 15/42 (35.72%)

related malware:
Code: [Select]
hxxp://lipesnaskom.com/cgi-binn/fo.exe
md5sum ===> b99191e9022d1271c920a26261a4ab36
SHA256   ===> 288f3b49eb8fdae2f67de16e0bb58bf0e723c1fb097f7de52cf2c7c06199c1aa
http://www.virustotal.com/analisis/288f3b49eb8fdae2f67de16e0bb58bf0e723c1fb097f7de52cf2c7c06199c1aa-1268568444
VT 12/42 (28.58%)
Title: Re: New files for Zeus servers
Post by: jackberri on March 14, 2010, 03:27:45 pm
Code: [Select]
hxxp://img25.xooimage.com/files/9/0/7/mod-181d459.exe
md5sum ===> 9072a208afc372e1c1bff5f1dae27bd3
SHA256   ===> 6c8ee105757a3e32bbfc33fa940ff0dd38404084229c83f58a6082c1a6eb4b04
http://www.virustotal.com/analisis/6c8ee105757a3e32bbfc33fa940ff0dd38404084229c83f58a6082c1a6eb4b04-1268579452
VT 36/42 (85.72%)

related malware:
Code: [Select]
hxxp://img28.xooimage.com/files/3/e/c/out2-1820a44.exe
md5sum ===> 3ec4fd4d56d7cb478b7fdcc6085ceb4c
SHA256   ===> b281a84fe72af01a6a85eb5dc8c93ff2f1ae7238a931c05f10ce80beed26b8bd
http://www.virustotal.com/analisis/b281a84fe72af01a6a85eb5dc8c93ff2f1ae7238a931c05f10ce80beed26b8bd-1268578906
VT 23/42 (54.77%)
Title: Re: New files for Zeus servers
Post by: jackberri on March 14, 2010, 03:40:53 pm
Code: [Select]
hxxp://img25.xooimage.com/files/9/0/7/mod-181d459.exe

Code: [Select]
hxxp://tagl.org/data/cfg.bin
Title: Re: New files for Zeus servers
Post by: SysAdMini on March 14, 2010, 04:11:09 pm
Code: [Select]
hxxp://img25.xooimage.com/files/9/0/7/mod-181d459.exe

Code: [Select]
hxxp://tagl.org/data/cfg.bin

Right, but there is no config file at this location. It's only an HTML file.
Title: Re: New files for Zeus servers
Post by: jackberri on March 14, 2010, 04:24:37 pm
Right, but there is no config file at this location. It's only an HTML file.

"Bandwidth Limit Exceeded
The server is temporarily unable to service your request due to the site owner reaching his/her bandwidth limit. Please try again later".
Title: Re: New files for Zeus servers
Post by: jackberri on March 15, 2010, 07:52:34 pm
Code: [Select]
hxxp://91.201.196.37/eeYae8.Poo4Ih
md5sum ===> a62413ec0a5d22a9b1c525eb69924dca
SHA256   ===> 1e786b45d3f8da19c7bf121fbae421c4ccec6186999c08d3e51ef0f85febc68c
Code: [Select]
hxxp://91.201.196.37/Az6lei.exe
md5sum ===> c52fd71024cf836330724650236b3c8d
SHA256   ===> 53c8d0ba373f1bb955cd1f598c672655420257f2e7e091d9fb1c974c0f5f5b35
http://www.virustotal.com/analisis/53c8d0ba373f1bb955cd1f598c672655420257f2e7e091d9fb1c974c0f5f5b35-1268679820
VT 6/42 (14.29%)
Title: Re: New files for Zeus servers
Post by: jackberri on March 17, 2010, 08:39:13 am
related zeusbotnet malware
Code: [Select]
hxxp://chetiripolka.com/hex/rapport.exe
md5sum ===> 85d7a1efb509c4934577d3bd78050992
SHA256   ===> 6111b46803ca7334712bc95e4b2fd6aa4719a800a0b7cd3099a1324238ce82d3
http://www.virustotal.com/analisis/6111b46803ca7334712bc95e4b2fd6aa4719a800a0b7cd3099a1324238ce82d3-1268814818
VT 1/42 (2.39%)
Title: Re: New files for Zeus servers
Post by: jackberri on March 17, 2010, 09:14:09 am
Code: [Select]
http://darnite.ru/ordlo/rec.php
Title: Re: New files for Zeus servers
Post by: jackberri on March 18, 2010, 09:14:26 am
related malware:
Code: [Select]
hxxp://pedrodepako.biz/forum/user/setup.exe
md5sum ===> 85d7a1efb509c4934577d3bd78050992
SHA256   ===> 6111b46803ca7334712bc95e4b2fd6aa4719a800a0b7cd3099a1324238ce82d3
http://www.virustotal.com/analisis/6111b46803ca7334712bc95e4b2fd6aa4719a800a0b7cd3099a1324238ce82d3-1268903283
VT 4/42 (9.53%)

see:    
Re: New files for Zeus servers
Reply #49 on: March 17, 2010, 03:39:13 am

Title: Re: New files for Zeus servers
Post by: jackberri on March 19, 2010, 10:57:34 am
Code: [Select]
hxxp://bagmater.com/cnf/bomb.bin
md5sum ===> cba7d6ed5eef14ca393e8f63622b51f8
SHA256   ===> 6d875dcdf1f76326a7b6173d04e1d1f12bbe993a3167f3e83e88b004f7e2fc00
Title: Re: New files for Zeus servers
Post by: jackberri on March 20, 2010, 12:10:36 pm
IP 83.170.112.218
AS13213
Code: [Select]
hxxp://cin-turk.com/cfg.bin
md5sum ===> 0b85aa4c7fb74fcfd0d8975d90388a4f
SHA256   ===> 79e9ea4ed40d3c69462dfd994f4181a294e457c3e53e3fcb7e78fe111ccede0c
Code: [Select]
hxxp://cin-turk.com/gate.php
other domains:
Code: [Select]
artvizit.com
cibiliyetsiz.com
ilanator.com
theypay.us
Title: Re: New files for Zeus servers
Post by: jackberri on March 20, 2010, 09:27:12 pm
IP Location:  Canada  - Quebec - Montreal - Interweb Media
IP 76.76.101.76
[reverse-mtl-76-76-101-76.gogax.com]
AS21793
Code: [Select]
hxxp://cralertyit.net/3x/dim.exe
md5sum ===> 77d18a5a1b60919fa26582d56730df44
SHA256   ===> e06dce574b2b3e60d2f4ea17c1f420587cc456d4db57c38f5ea6e347dac70d17
http://www.virustotal.com/analisis/e06dce574b2b3e60d2f4ea17c1f420587cc456d4db57c38f5ea6e347dac70d17-1269119897
VT 7/42 (16.67%)

other domains:
Code: [Select]
ertunagulerka.com:
http://www.threatexpert.com/report.aspx?md5=138ef7b1e0543b0284026b6d54072ebf
Title: Re: New files for Zeus servers
Post by: jackberri on March 23, 2010, 11:43:31 am
Code: [Select]
hxxp://sp000.org/3/lcass.exe
http://www.virustotal.com/analisis/191a1975dc0aade560994d7f280e175e865e8b99678da949c7aad058fbb647b3-1269343922
md5sum ===> 64e4ddb5fede299ed3a73542c55d5198
SHA256   ===> 191a1975dc0aade560994d7f280e175e865e8b99678da949c7aad058fbb647b3
VT 2/42 (4.77%)

related malware:
Code: [Select]
hxxp://sp000.org/kill.exe
md5sum ===> 02a2c8b570a794f16cc408d9eab12e18
SHA256   ===> 6f2a611f1b2705a808fbc38fa72e872330041bc4c9356068018f7448561b97b2
http://www.virustotal.com/analisis/6f2a611f1b2705a808fbc38fa72e872330041bc4c9356068018f7448561b97b2-1269344097
VT 10/42 (23.81%)
Code: [Select]
hxxp://sp000.org/rapport.exe
md5sum ===> 3370015a0afc9e643c7430acda3ff9b0
SHA256   ===> fdd61667a2b308133356232f2f10eab5c1d3367a90459ac294874da8481e9ac9
http://www.virustotal.com/analisis/fdd61667a2b308133356232f2f10eab5c1d3367a90459ac294874da8481e9ac9-1269344268
VT 12/41 (29.27%)
Title: Re: New files for Zeus servers
Post by: SysAdMini on March 23, 2010, 01:52:01 pm
Code: [Select]
hxxp://sp000.org/3/lcass.exe

also:

Code: [Select]
sp000.org/1/lcass.exe
sp000.org/2/lcass.exe
Title: Re: New files for Zeus servers
Post by: jackberri on March 23, 2010, 07:32:42 pm
Code: [Select]
hxxp://83.170.112.218/stop.bin
md5sum ===> 067b27ac0cf8c3eb96483dca3173184c
SHA256   ===> fa2584211df4f197cfddc661b71521e3eebd2a84dfa09112689d4a83d2c53a65

other domains:
Code: [Select]
artvizit.com
cibiliyetsiz.com
ilanator.com
theypay.us
Title: Re: New files for Zeus servers
Post by: jackberri on March 24, 2010, 08:38:30 pm
IP Location: Netherlands Amsterdam The King Host
New IP: 94.102.63.163
ASN29073

Code: [Select]
hxxp://chetiripolka.com/klp/rapport.exe
md5sum ===> e0c44c21af90df03cd23f896b7b882de
SHA256   ===> 3a0ae16ac3e09f8b56dbc54bde3adb53548c00278fe309db9998b079c084acec
http://www.virustotal.com/analisis/3a0ae16ac3e09f8b56dbc54bde3adb53548c00278fe309db9998b079c084acec-1269462117
VT 6/42 (14.29%)
Code: [Select]
hxxp://chetiripolka.com/klp/hex.exe
md5sum ===> af2700f0c9b1b1a4b2a7cabc74e7c3a9
SHA256   ===> 29816e2defae9b63d084097337c0755f2cca7b04b3cd6a1c33e7b2404577789e
http://www.virustotal.com/analisis/29816e2defae9b63d084097337c0755f2cca7b04b3cd6a1c33e7b2404577789e-1269462468
VT 5/42 (11.91%)
Title: Re: New files for Zeus servers
Post by: jackberri on March 24, 2010, 11:28:52 pm
IP Location: Ukraine Pe Anton Kasminin
IP 193.104.253.22
ASN29557
Code: [Select]
hxxp://flashplayeradobe.com/forum/net5.bin
md5sum ===> 9f31fa38e9861a0cbf054a738b53905f
SHA256   ===> b138f94c39126fdd9d3ab2cf8a401c84a5e0727122689ec212c1e9f7414d5d6d

related malware
Code: [Select]
hxxp://flashplayeradobe.com/forum/svchost.exe
md5sum ===> 969fd33b0bcfe3958b804f945fbaed50
SHA256   ===> a2ebd8a165c0e9c3fe9f0533f2cf2fe8d23613c9ecc0addadee534d6b5209d3d
http://www.virustotal.com/analisis/a2ebd8a165c0e9c3fe9f0533f2cf2fe8d23613c9ecc0addadee534d6b5209d3d-1269472670
VT 12/42 (28.58%)
Title: Re: New files for Zeus servers
Post by: jackberri on March 25, 2010, 07:53:52 pm
Code: [Select]
hxxp://updateinfo22.com/bde/stb6.exe
md5sum ===> 9b8d6163fcca17710b8f7d30ae51beb1 (old md5sum ===> ce2c35a269db1fd97122022223133af8)
SHA256   ===> 5e51016a6160c454258208a71281efd44b247bf8e798cf2b024a366d32decd95
http://www.virustotal.com/analisis/5e51016a6160c454258208a71281efd44b247bf8e798cf2b024a366d32decd95-1269546308
VT 4/38 (10.53%)
Title: Re: New files for Zeus servers
Post by: jackberri on March 26, 2010, 08:55:51 am
Code: [Select]
hxxp://cralertyit.net/3x/ff.exe
md5sum ===> d092a9c4e9c8788dc6869398bcb85f9c
SHA256   ===> 71978587001d4e7edd9e01a8f01927bca371856592f4822374a419a0cade8171
http://www.virustotal.com/analisis/71978587001d4e7edd9e01a8f01927bca371856592f4822374a419a0cade8171-1269592426
VT 5/42 (11.91%)

related malware: Fake AV
IP Location:  Netherlands Amsterdam Leaseweb B.v
IP 95.211.87.211
[hosted-by.leaseweb.com]
AS16265

Code: [Select]
hxxp://95.211.87.211/amg_dfgwhaqqr.exe
md5sum ===> 975982060fdfc5fa8c6603b808bbcd2c
SHA256   ===> 51b30885c2b54452705a7efd84da689feca1ad855ba89e2e7e4ca22225f8e191
http://www.virustotal.com/analisis/51b30885c2b54452705a7efd84da689feca1ad855ba89e2e7e4ca22225f8e191-1269593174
VT 15/42 (35.72%)

other domains:
Code: [Select]
holiza.com
Title: Re: New files for Zeus servers
Post by: jackberri on March 27, 2010, 12:46:40 pm
Code: [Select]
hxxp://miraquemono.com/tienda/wp-content/themes/mqm/images/boton.jpg
md5sum ===> 0a2caff9bb0c4a6813bb8f62d5095ab6
SHA256   ===> e0505fb0fcbe3144d4ce0cb5c8c4fbaac176da4d9523adcd897fb05ffe80df90
http://www.virustotal.com/analisis/e0505fb0fcbe3144d4ce0cb5c8c4fbaac176da4d9523adcd897fb05ffe80df90-1269692084
VT 11/42 (26.19%)
related:
Code: [Select]
stvparkcomputer.info
jokersimson.net
Title: Re: New files for Zeus servers
Post by: jackberri on March 27, 2010, 08:02:44 pm
Code: [Select]
hxxp://tigerden.uppit.com/0110/ax8x40to/istealcrypt1.exe
md5sum ===> cf74534a20045b99da764654eb2fa54e
SHA256   ===> e0505fb0fcbe3144d4ce0cb5c8c4fbaac176da4d9523adcd897fb05ffe80df90
http://www.virustotal.com/analisis/7a878e8dfc3f35f957740d0435afb3201922645a4eefbcd8233f0551e99a641e-1269300406
Title: Re: New files for Zeus servers
Post by: jackberri on March 28, 2010, 08:35:25 am
related zeus host
Code: [Select]
robul.net
IP Location:  Netherlands - Rotterdam - Serverboost
IP 188.95.48.57
ASN49544
Code: [Select]
hxxp://pokaqr.com/ciereg.exe
md5sum ===> 82c7d17f56724779ee8b3fe585624750
SHA256   ===> f0326f9a06cb1abc46691f80120d1d36a22a1229fb42312e78615a4f5fb50cf4
http://www.virustotal.com/analisis/f0326f9a06cb1abc46691f80120d1d36a22a1229fb42312e78615a4f5fb50cf4-1269664809
VT 2/42 (4.76%)

other domains:
Code: [Select]
anisore.com
madop.net
munaenet.info
pokaqr.biz
pokaqr.info
pokaqr.name
pokaqr.net
pokaqr.org
robul.net
Title: Re: New files for Zeus servers
Post by: jackberri on March 28, 2010, 07:29:04 pm
Code: [Select]
hxxp://lightobmen.ru/robo/gate.php
Title: Re: New files for Zeus servers
Post by: jackberri on March 29, 2010, 05:24:59 pm
Code: [Select]
hxxp://nudlkasnuls.com/ksa/ue.exe
md5sum ===> 31f9a678693d5ca4f02ff52d0aa396f4
SHA256   ===> de0aff522c36dd8116188e311cf3c9589fa3af31bb4cda914250fe7c64211e6a
http://www.virustotal.com/analisis/de0aff522c36dd8116188e311cf3c9589fa3af31bb4cda914250fe7c64211e6a-1269882746
VT 5/42 (11.91%)
related malware
Code: [Select]
hxxp://nudlkasnuls.com/ksa/fi.exe
md5sum ===> b99191e9022d1271c920a26261a4ab36
SHA256   ===> 288f3b49eb8fdae2f67de16e0bb58bf0e723c1fb097f7de52cf2c7c06199c1aa
http://www.virustotal.com/analisis/288f3b49eb8fdae2f67de16e0bb58bf0e723c1fb097f7de52cf2c7c06199c1aa-1269883135
VT 24/42 (57.15%)
Title: Re: New files for Zeus servers
Post by: jackberri on March 30, 2010, 04:17:43 pm
Code: [Select]
hxxp://66.197.237.165/g54ty/ukz.php
Title: Re: New files for Zeus servers
Post by: jackberri on April 01, 2010, 10:14:19 am
Code: [Select]
hxxp://estero89.ru/CP/banner.php
related malware:
Code: [Select]
hxxp://estero89.ru/rapport.exe
md5sum ===> 6973d7470fa960204fb0d3ac323c9c5e
SHA256   ===> cfdbb8ec000254680ea47026e78fa6626dbc9254706a59f7af55fcfddb2d3d96
http://www.virustotal.com/es/analisis/cfdbb8ec000254680ea47026e78fa6626dbc9254706a59f7af55fcfddb2d3d96-1270116459
VT 1/42 (2.39%)
Title: Re: New files for Zeus servers
Post by: jackberri on April 01, 2010, 06:49:49 pm
trojan Fake:
Code: [Select]
hxxp://agreement52.com/upd.exe
md5sum ===> 90819fb12c8500f3d01403b006780f9b
SHA256   ===> b8cc2ae0f2c543ba3a0f0388274b4d6ab5cf0b475f9d9e7b67bee5fb0818c054
http://www.virustotal.com/es/analisis/b8cc2ae0f2c543ba3a0f0388274b4d6ab5cf0b475f9d9e7b67bee5fb0818c054-1270146911 (http://www.virustotal.com/es/analisis/b8cc2ae0f2c543ba3a0f0388274b4d6ab5cf0b475f9d9e7b67bee5fb0818c054-1270146911)
VT 5/42 (11.90%)

Code: [Select]
hxxp://altchinatech.com/tea/shototo292.php
Title: Re: New files for Zeus servers
Post by: jackberri on April 04, 2010, 12:21:07 pm
Code: [Select]
hxxp://193.148.47.43/cp01/aiZ7sh.php
Title: Re: New files for Zeus servers
Post by: jackberri on April 04, 2010, 05:10:30 pm
Code: [Select]
hxxp://onlinelicensechecker.ru/check/egater.php
Title: Re: New files for Zeus servers
Post by: jackberri on April 11, 2010, 07:09:14 am
related already listed
Code: [Select]
vrabote.biz
IP Location: Ukraine Odessa Llc Wnet
[grusha-92-60-177-253.hostinghutor.com]
AS15772
Code: [Select]
hxxp://92.60.177.253/4e4n/crypt_kill.exe
md5sum ===> 1f202e5d915087bd9ff5058d7f0d4a1f
SHA256  ===> 9d77d87c62543484d990aa1c9f92c7ed51be698965f54e3833892a92ea188b21
http://www.virustotal.com/analisis/7065e09596c0ad4cca13f2dd4d0084940041be988c767c48366743d61d3884fb-1270826919 (http://www.virustotal.com/analisis/7065e09596c0ad4cca13f2dd4d0084940041be988c767c48366743d61d3884fb-1270826919)
VT 0/39 (0.00%)
Title: Re: New files for Zeus servers
Post by: jackberri on April 12, 2010, 03:17:12 pm
Code: [Select]
hxxp://seclzzz.biz/f/load.nrg
md5sum ===> 908cc595dd2e33f007c29c5738dbb7ed
SHA256 ===> 7c85d64cf9e45c57cf82f22f86fabbb773995abd070d497ca30f878f7754d85e
Title: Re: New files for Zeus servers
Post by: jackberri on April 15, 2010, 01:01:41 pm
Code: [Select]
hxxp://outlawyoung972.org/out/gate.php
Title: Re: New files for Zeus servers
Post by: jackberri on April 16, 2010, 09:45:58 pm
Code: [Select]
nudlkasnuls.com/ksa/fu.exe
md5sum ===> 06a80e786bad1f29383be30052f3b30b
SHA256  ===> fbe04d1c460149aba2f862c263538ce514a1d0df0a40be2282e7c15a71c0cc69
http://www.virustotal.com/es/analisis/fbe04d1c460149aba2f862c263538ce514a1d0df0a40be2282e7c15a71c0cc69-1271453539 (http://www.virustotal.com/es/analisis/fbe04d1c460149aba2f862c263538ce514a1d0df0a40be2282e7c15a71c0cc69-1271453539)
VT 18/39 (45%)
Title: Re: New files for Zeus servers
Post by: jackberri on April 18, 2010, 03:38:17 pm
Code: [Select]
hxxp://solaruploader.com/asd23434ff.exe
md5sum ===> 74d53dce86d091f0aa8a656cc6882bd1
SHA256  ===> cc8c62ad4b0f61f6ead3fdfb6feb8f3982cc0eb09eab70abeda8abfa67dbbe57
http://www.virustotal.com/analisis/cc8c62ad4b0f61f6ead3fdfb6feb8f3982cc0eb09eab70abeda8abfa67dbbe57-1271453009 (http://www.virustotal.com/analisis/cc8c62ad4b0f61f6ead3fdfb6feb8f3982cc0eb09eab70abeda8abfa67dbbe57-1271453009)
VT 13/40 (32.50%)

related (already listed):
Code: [Select]
bestviewbar.com/ipcheker/stat1.php
Title: Re: New files for Zeus servers
Post by: jackberri on April 19, 2010, 12:35:58 pm
Code: [Select]
hxxp://first-shockabsorbers.com/load/checkupdate.txt
Title: Re: New files for Zeus servers
Post by: jackberri on April 22, 2010, 08:30:36 pm
IP Location: Singapore Singapore Newmedia Express Pte Ltd Singapore Web Hosting Provider     
IP 203.174.83.98
[203-174-83-98.rev.ne.com.sg]
AS38001
Code: [Select]
hxxp://llllllllllllllllll.net/l/l.set
md5sum ===> 44711787085e1c367bfe8ae4d0f066cc
SHA256 ===> ca288a246eee5c4e56fbb8d9c023069b29c37686a3efa04b46d161cbde997e84
Code: [Select]
hxxp://llllllllllllllllll.net/l/l.php
Title: Re: New files for Zeus servers
Post by: jackberri on April 24, 2010, 09:32:43 am
Code: [Select]
hxxp://www.classic-technology.co.uk/pang/mygo/ljbKLw/assave/troshl/Newor.php?captcha===>12721011604bd2b928874bb.cfg
md5sum ===> 18bc44355d7a83cf2992278968c90c04
SHA256 ===> a453ced024073033608a3f71939b3af5290cb9d22eb9d562e309085dbf62c0ac
Title: Re: New files for Zeus servers
Post by: jackberri on April 27, 2010, 08:35:53 am
Code: [Select]
www.ronny.serrazul.net/www/wiza/Scrarcgtgb/Ressami.php?captcha===> 12723566684bd69f3c9e018.cfg
md5sum ===> 55a84b0c505441249298a8a3ee303008
SHA256 ===> cc468e802d7bebfe833b2092941f837c4d41ea36e18af96c17532804979c2cae

Code: [Select]
www.ijiexiu.com/crestateUse/aects/ewUser/monnelf/lormPlanale.php?captcha  ===> 12723569974bd6a08533c86.cfg
md5sum ===> 025b69bb9e50ff3fb1eb50379ccab0fb
SHA256 ===> c60015a7fd8e4bf7b16409e99b947ed98bc69d3834220b908f814d43e2d61b99
Title: Re: New files for Zeus servers
Post by: jackberri on April 27, 2010, 05:41:20 pm
Code: [Select]
hxxp://oldbarrel.biz/TeckOffice/moogonsacte/fortg/sumb.php?captcha===> 12723887394bd71c83ef68d.cfg
md5sum ===> af6aae8078e22939badfdef979e9a4e5
SHA256 ===> 4c8c49b7f2420fab312688bfecfe232325059f13c6b1ec4baa02a4f565480b73

Code: [Select]
hxxp://wl9www756.webland.ch/Logoging/oficonts/deent/cousest/edite/lnlivies.php?captcha===> 12723892784bd71e9e1e9da.cfg
md5sum ===> e519cf83a878355d66d18c2dd83c551f
SHA256 ===> 37c14ececd9bb2adadb1f559150465bff4191cf441f7f305447aad896167d608

Code: [Select]
hxxp://www.florescolibries.com.mx/actiondes/homets/fracyblickey.php?captcha===> 12723896094bd71fe953d29.cfg
md5sum ===> 3c594fef48fcf8a2639f6e449c118edc
SHA256 ===> 5a95813e6c69fdd45208f41d4fdc084fd2af6baf16c636c8af78c74a21c78391

Code: [Select]
hxxp://www.geoworksrl.it/site/postorker/CMSAppics/ssavent/semoductills.php?captcha===> 12723897844bd720985e3da.cfg
md5sum ===> 0349f05dacef138ea92190dd0c4326bc
SHA256 ===> 19431f2b77f7cc6a863888de8992213fa16f152bf676278f9c3e2761748cfa8e
Title: Re: New files for Zeus servers
Post by: jackberri on May 02, 2010, 12:36:38 pm
Code: [Select]
hxxp://raskeni.ru/ggg3.php
Code: [Select]
hxxp://mathematics2u.co.cc/life/ldr.exe
md5sum ===> 093287b328d91c02baceec513e524e71
SHA256 ===> a0983621052330e702c0fcf2e379cb89c5f6d6d7df55f41815bc0bad80c239c5
Code: [Select]
hxxp://mathematics2u.co.cc/life/updme.bin
md5sum ===> f672e1c0d499031c51ee068e508be020
SHA256 ===> 573f19e237a44304118fe070b7766d35dd4d5f8409559bd9c18b6e7aea28982d
Title: Re: New files for Zeus servers
Post by: jackberri on May 04, 2010, 06:21:04 pm
Code: [Select]
hxxp://leeitpobbod.ru/images/konf.bin
md5sum ===> a2a8c064b27db24e6c3c437532f51f64
SHA256 ===> 8cf4e53df4a53afd18346e73419c3d335b672d94bfb15975755e1a5690c094cf
Code: [Select]
hxxp://www.oomseekerss.ru/images/gate.php
Title: Re: New files for Zeus servers
Post by: jackberri on May 05, 2010, 08:09:58 am
Code: [Select]
hxxp://darellfood.info/flashimg/pic077.gif
md5sum ===> 6a788ef7b167a471be87865057ae84e4
SHA256 ===> 787f3f72565680053798e6279560aed93c777c9b4be1ad357f84f2e5c6f601e2

Code: [Select]
hxxp://mazdabiz.info/flash/img01.bin
md5sum ===> fac97271924af79ebdcdbf8dc1031a0d
SHA256 ===> e3d169b562c19acb23791d1ce0530910b9ff1907fc0036db45ecfba95a8ca81a
Title: Re: New files for Zeus servers
Post by: jackberri on May 05, 2010, 06:01:01 pm
Code: [Select]
hxxp://kabinaoff.info/flashimg/pic04.gif
md5sum ===> 8d35cac431584143cfac9e4706b2aca5
SHA256 ===> bb7a86cfea10111ceffbcaadfa8fe6eee8f7833c9f71f10e881e811bdd3efb7d
http://www.virustotal.com/es/analisis/bb7a86cfea10111ceffbcaadfa8fe6eee8f7833c9f71f10e881e811bdd3efb7d-1273081529 (http://www.virustotal.com/es/analisis/bb7a86cfea10111ceffbcaadfa8fe6eee8f7833c9f71f10e881e811bdd3efb7d-1273081529)
VT 20/41 (48.79%)

Trojan downl. for:
Code: [Select]
kabinaoff.info
mytestjob.info

IP Location: Spain - Arsys.es 
IP 217.76.130.126
[llgb092.servidoresdns.net]
AS20718
Code: [Select]
hxxp://mateomunoz.es/consumibles_r2_c5.gif
md5sum ===> 1e7a32df063acfb38ac1fea7209ae2c7
SHA256 ===> d135e93474a5cf89cc773297c42ad9998e0c15c5f5bdbb72e206cbad63230a80
http://www.virustotal.com/es/analisis/d135e93474a5cf89cc773297c42ad9998e0c15c5f5bdbb72e206cbad63230a80-1273081065 (http://www.virustotal.com/es/analisis/d135e93474a5cf89cc773297c42ad9998e0c15c5f5bdbb72e206cbad63230a80-1273081065)
VT 18/41 (43.91%)
Title: Re: New files for Zeus servers
Post by: jackberri on May 06, 2010, 09:35:00 am
Trojan downl. for:
Code: [Select]
kabinaoff.info
mytestjob.info

IP Location: Spain - REDCORUNA S.L.U
IP 92.43.17.2
[hosting01.redcoruna.org]
AS44497
Registrant/Email Registrant: Inmaculada Ponce Gonzalez/magenta79@gmail.com
Code: [Select]
hxxp://www.miraquemono.com/blog/wordpress/wp-content/themes/connections-reloaded/img/logo.jpg
md5sum ===> f06b4cc2dbe48fb4f378ff3456baa152
SHA256 ===> 4aefc3c35b1be14c09cb9deda8ac88e1ec8e2ca0d111b21829a5189a40bee803
http://www.virustotal.com/es/analisis/4aefc3c35b1be14c09cb9deda8ac88e1ec8e2ca0d111b21829a5189a40bee803-1273136908 (http://www.virustotal.com/es/analisis/4aefc3c35b1be14c09cb9deda8ac88e1ec8e2ca0d111b21829a5189a40bee803-1273136908)
VT 21/41 (51.22%)

Trojan downl. for:
Code: [Select]
kabinaoff.info
mytestjob.info

IP Location: Spain San Sebastian IBERCOM WORLD WIDE WEB IBERCOM
IP 213.195.72.102
[static.102.72.195.213.ibercom.com]
AS15915
Registrant/Email Registrant: Urtxintxa Eskola/atzio@urtxintxa.org
Code: [Select]
hxxp://aisia.net/images/galeria/gobela3handi.jpg
md5sum ===> f06b4cc2dbe48fb4f378ff3456baa152
SHA256 ===> 4aefc3c35b1be14c09cb9deda8ac88e1ec8e2ca0d111b21829a5189a40bee803
http://www.virustotal.com/es/analisis/4aefc3c35b1be14c09cb9deda8ac88e1ec8e2ca0d111b21829a5189a40bee803-1273137725 (http://www.virustotal.com/es/analisis/4aefc3c35b1be14c09cb9deda8ac88e1ec8e2ca0d111b21829a5189a40bee803-1273137725)
VT 21/41 (51.22%)
Title: Re: New files for Zeus servers
Post by: jackberri on May 06, 2010, 12:50:29 pm
Trojans downl. for, or zeus v3 trojans?
http://camas.comodo.com/cgi-bin/submit?file=980e7b182333243bbe140723241f07ef211980af4fc10d8cb4fcaae7dd16cde9 (http://camas.comodo.com/cgi-bin/submit?file=980e7b182333243bbe140723241f07ef211980af4fc10d8cb4fcaae7dd16cde9)
Code: [Select]
kabinaoff.info
mytestjob.info

IP Location: Spain - Arsys.es
IP 217.76.130.253
[llgb434.servidoresdns.net]
AS20718
Registrant/Email Registrant: Ana M. Fernandez Aguado/experts@fotodos.com
Code: [Select]
hxxp://eimatge.com/41.jpg
md5sum ===> fc7c86ecbdb4ca1d73fcc33fad965048
SHA256 ===> 34b1ecc30244cdef63f21dd684e183fbd1e190a9a8b31ddf0643545b29219e9b
http://www.virustotal.com/es/analisis/34b1ecc30244cdef63f21dd684e183fbd1e190a9a8b31ddf0643545b29219e9b-1273148005 (http://www.virustotal.com/es/analisis/34b1ecc30244cdef63f21dd684e183fbd1e190a9a8b31ddf0643545b29219e9b-1273148005)
VT 25/41 (60.98%)

IP Location: France Amen France Network 
IP 62.193.204.77
[vds-796511.amen-pro.com]
AS28677
Registrant/Email Registrant: Angel Miguel Fernandez Ferron/angel@factorydea.com
Code: [Select]
hxxp://serraniasuroeste.org/uploadedcvimg/1320906784foto002.jpg
md5sum ===> f06b4cc2dbe48fb4f378ff3456baa152
SHA256 ===> 4aefc3c35b1be14c09cb9deda8ac88e1ec8e2ca0d111b21829a5189a40bee803
http://www.virustotal.com/es/analisis/4aefc3c35b1be14c09cb9deda8ac88e1ec8e2ca0d111b21829a5189a40bee803-1273148827 (http://www.virustotal.com/es/analisis/4aefc3c35b1be14c09cb9deda8ac88e1ec8e2ca0d111b21829a5189a40bee803-1273148827)
VT 22/41 (53.66%)

IP Location: Germany - STRATO AG 
IP 81.169.145.73
[w09.rzone.de]
AS6724
Registrant/Email Registrant: Antonio Barriocanal Pia/hostmaster@cronon-isp.net
Code: [Select]
hxxp://acacabe.com/image/bg_010.gif
md5sum ===> 78dd8a87c2aaaefbcc49973d13c602a2
SHA256 ===> 980e7b182333243bbe140723241f07ef211980af4fc10d8cb4fcaae7dd16cde9
http://www.virustotal.com/es/analisis/980e7b182333243bbe140723241f07ef211980af4fc10d8cb4fcaae7dd16cde9-1273149077 (http://www.virustotal.com/es/analisis/980e7b182333243bbe140723241f07ef211980af4fc10d8cb4fcaae7dd16cde9-1273149077)
VT 23/41 (56.1%)
Title: Re: New files for Zeus servers
Post by: jackberri on May 06, 2010, 03:15:38 pm
Trojan downl. for:
Code: [Select]
kabinaoff.info
mytestjob.info
IP Location: Spain Logrono AS_ARSYS-EURO   
IP 217.76.150.30
[slge442.piensasolutions.com]
AS20718
Registrant/Email Registrant: xavier sanchez presas (SROW-1263796)/rima-bus@hotmail.com
Code: [Select]
hxxp://barcelonacitytransfers.com/images/css_f1.png
md5sum ===> 1e7a32df063acfb38ac1fea7209ae2c7
SHA256 ===> d135e93474a5cf89cc773297c42ad9998e0c15c5f5bdbb72e206cbad63230a80
http://www.virustotal.com/es/analisis/d135e93474a5cf89cc773297c42ad9998e0c15c5f5bdbb72e206cbad63230a80-1273157887 (http://www.virustotal.com/es/analisis/d135e93474a5cf89cc773297c42ad9998e0c15c5f5bdbb72e206cbad63230a80-1273157887)
VT 25/41 (60.98%)

Trojan downl. for:
Code: [Select]
kabinaoff.info
mytestjob.info

IP Location: Italy Florence Register.it S.p.a 
IP 81.88.61.98
[host-81-88-61-98.dedicatedservers.it]
AS39729
Registrant/Email Registrant: CATMUR 1998, S.L./dominis@tepsis.com
Code: [Select]
hxxp://catmur.com/images/3f2.jpg
md5sum ===> fc7c86ecbdb4ca1d73fcc33fad965048
SHA256 ===> 34b1ecc30244cdef63f21dd684e183fbd1e190a9a8b31ddf0643545b29219e9b
http://www.virustotal.com/es/analisis/34b1ecc30244cdef63f21dd684e183fbd1e190a9a8b31ddf0643545b29219e9b-1273148005 (http://www.virustotal.com/es/analisis/34b1ecc30244cdef63f21dd684e183fbd1e190a9a8b31ddf0643545b29219e9b-1273148005)
VT 25/41 (60.98%)
Title: Re: New files for Zeus servers
Post by: jackberri on May 07, 2010, 10:07:03 am
Code: [Select]
hxxp://foinkto015.net/inc/d.exe
md5sum ===> b42e9e61bb0a6d5cbcc94f46aa082728
SHA256 ===> 33c199e654438b3645a95b12162903e6c9a08599d0aa847aec5048c73b550079
http://www.virustotal.com/es/analisis/33c199e654438b3645a95b12162903e6c9a08599d0aa847aec5048c73b550079-1273226373 (http://www.virustotal.com/es/analisis/33c199e654438b3645a95b12162903e6c9a08599d0aa847aec5048c73b550079-1273226373)
VT 23/41 (56.1%)
Title: Re: New files for Zeus servers
Post by: jackberri on May 08, 2010, 04:09:19 pm
Code: [Select]
hxxp://saiwoofeutie.com/bin/aedigiuv.bin
md5sum ===> 994a95f12feb09756f7b8ba4e05941b4
SHA256 ===> 5ef6902841402ec8c04ad6d81889b9391bbd127c91e7a03f735a5393dfd39eb1
Code: [Select]
hxxp://saiwoofeutie.com/bin/aedigiuv.exe
md5sum ===> 64053b98cc00036abe0ac5beffc7d027
SHA256 ===> 9540db757d28f4a5a2797bff62a6c3f11dfc00c94663050219c0c37b1293d60d
http://www.virustotal.com/es/analisis/9540db757d28f4a5a2797bff62a6c3f11dfc00c94663050219c0c37b1293d60d-1273319867 (http://www.virustotal.com/es/analisis/9540db757d28f4a5a2797bff62a6c3f11dfc00c94663050219c0c37b1293d60d-1273319867)
VT 31/41 (75.61%)
Code: [Select]
hxxp://saiwoofeutie.com/bin/oopaiboo.exe
md5sum ===> 3d17d5987f064cb25e15c297c75a9ab3
SHA256 ===> 58832d78521dbabf400bc7a20e6c6f3e0e75611dec7306297f1f6c6a447d5e91
http://www.virustotal.com/es/analisis/58832d78521dbabf400bc7a20e6c6f3e0e75611dec7306297f1f6c6a447d5e91-1273333615 (http://www.virustotal.com/es/analisis/58832d78521dbabf400bc7a20e6c6f3e0e75611dec7306297f1f6c6a447d5e91-1273333615)
VT 29/41 (70.74%)
Title: Re: New files for Zeus servers
Post by: jackberri on May 09, 2010, 04:22:41 pm
Code: [Select]
hxxp://www.news2air.com/js/ss.exe
md5sum ===> efd23b4b5436f82b493867d22aeb2d5d
SHA256 ===> b30c994c43afcad3d7c1ecbc304bb34398c2e436a21ed68b5e707226a508638a
https://www.virustotal.com/es/analisis/b30c994c43afcad3d7c1ecbc304bb34398c2e436a21ed68b5e707226a508638a-1273407627 (https://www.virustotal.com/es/analisis/b30c994c43afcad3d7c1ecbc304bb34398c2e436a21ed68b5e707226a508638a-1273407627)
VT 15/41 (36.59%)
Title: Re: New files for Zeus servers
Post by: jackberri on May 11, 2010, 08:23:43 am
Code: [Select]
hxxp://bubendockader.com/gd/kk.exe
md5sum ===> e2eb098edfc679958e4d5c0f66771f3e
SHA256 ===> 9b1c274ae1a1e7533a82d241554f8d0f3c249fb7d81303768674fc2be06ff0bd
https://www.virustotal.com/es/analisis/9b1c274ae1a1e7533a82d241554f8d0f3c249fb7d81303768674fc2be06ff0bd-1273564950 (https://www.virustotal.com/es/analisis/9b1c274ae1a1e7533a82d241554f8d0f3c249fb7d81303768674fc2be06ff0bd-1273564950)
VT 21/41 (51.22%)
Title: Re: New files for Zeus servers
Post by: jackberri on May 11, 2010, 09:10:57 am
Code: [Select]
hxxp://www.searchadvertsol.net/board/dc.exe
md5sum ===> a830f350f40faf9c65cd2a6bef29c3c4
SHA256 ===> 28b7d4b25f8ffcc60e3a630597c3eca4ed1a2503a1b1fe62d0e43fa2251ece1e
https://www.virustotal.com/es/analisis/28b7d4b25f8ffcc60e3a630597c3eca4ed1a2503a1b1fe62d0e43fa2251ece1e-1273567730 (https://www.virustotal.com/es/analisis/28b7d4b25f8ffcc60e3a630597c3eca4ed1a2503a1b1fe62d0e43fa2251ece1e-1273567730)
VT 0/41 (0%)
Title: Re: New files for Zeus servers
Post by: jackberri on May 14, 2010, 07:05:09 pm
IP Location: Kazakhstan - Alfa-host Llp
IP 193.105.207.104
AS50793
Email Registrant: gavrilov81 @mail.ru

Code: [Select]
hxxp://dersausko.ru/flash/kill.exe
md5sum ===> b5a0018f527a161e25814d344ad04054
SHA256 ===> 8d9421578f0eb1d2820850a56fe45f43d619507f4ec96354cad96a8be719de3e
https://www.virustotal.com/es/analisis/8d9421578f0eb1d2820850a56fe45f43d619507f4ec96354cad96a8be719de3e-1273863341 (https://www.virustotal.com/es/analisis/8d9421578f0eb1d2820850a56fe45f43d619507f4ec96354cad96a8be719de3e-1273863341)
VT 2/40 (5%)
Code: [Select]
hxxp://dersausko.ru/flash/rapport.exe
md5sum ===> d9ba53c4bd4537ae6e71dcc60c55c0e7
SHA256 ===> 0857b17c1f6c099a8f3b0b0648cd51be49db0b2f25a959891c1a604f1925d8cb
https://www.virustotal.com/es/analisis/0857b17c1f6c099a8f3b0b0648cd51be49db0b2f25a959891c1a604f1925d8cb-1273863442 (https://www.virustotal.com/es/analisis/0857b17c1f6c099a8f3b0b0648cd51be49db0b2f25a959891c1a604f1925d8cb-1273863442)
VT 2/41 (4.88%)
Code: [Select]
hxxp://dersausko.ru/flash/killaa.exe
md5sum ===> bff5f3118aeaae30fb267bc1e86d7da9
SHA256 ===> df48796856a21e4633ab4a229320b6260479371d687a9a356da3cca6caf73361
https://www.virustotal.com/es/analisis/df48796856a21e4633ab4a229320b6260479371d687a9a356da3cca6caf73361-1273863577 (https://www.virustotal.com/es/analisis/df48796856a21e4633ab4a229320b6260479371d687a9a356da3cca6caf73361-1273863577)
VT 0/41 (0%)

Title: Re: New files for Zeus servers
Post by: jackberri on May 15, 2010, 09:48:26 am
Code: [Select]
hxxp://checkrapport.com/1/exe.exe
md5sum ===> 115250135acd6b10e49ec32fa424ba48
SHA256 ===>   f0cb14bf9908be7a3215abb560606ddfbec30e12bb5760c82ff50b750b519e30
https://www.virustotal.com/es/analisis/f0cb14bf9908be7a3215abb560606ddfbec30e12bb5760c82ff50b750b519e30-1273916424 (https://www.virustotal.com/es/analisis/f0cb14bf9908be7a3215abb560606ddfbec30e12bb5760c82ff50b750b519e30-1273916424)
VT 15/41 (36.59%)

Code: [Select]
related: foinkto015.net
Title: Re: New files for Zeus servers
Post by: jackberri on May 15, 2010, 12:59:09 pm
Code: [Select]
hxxp://solaruploader.com/bblldjened.exe
md5sum ===> 585e9801b578f2dc99873e6d6cf8ec80
SHA256 ===> 4121b58e5f16f159b6c786a3b6a02913e836176722b4e3e079a3052dc4bdd1d7
https://www.virustotal.com/analisis/4121b58e5f16f159b6c786a3b6a02913e836176722b4e3e079a3052dc4bdd1d7-1273875495 (https://www.virustotal.com/analisis/4121b58e5f16f159b6c786a3b6a02913e836176722b4e3e079a3052dc4bdd1d7-1273875495)
VT 5/40 (12.50%)
Code: [Select]
related: bestviewbar.com
online:
Code: [Select]
adewright.com/mug/nus.exe
adewright.com/mug/sgs.oh
Title: Re: New files for Zeus servers
Post by: jackberri on May 17, 2010, 12:41:48 pm
IP Location: Russian Federation - Best-hoster Group Co. Ltd.
IP 91.215.170.2
[piter2.dns-rus.net]   
AS49693
Email Registrant: ndprinasx@mail.ru
Code: [Select]
hxxp://jjll.ru/123.exe
md5sum ===> 8189c72da13a3c205df3122956abd881
SHA256 ===> bb8ad3c5535ddfbd787fd1cf62ba9090762a6c741f093b0418ee2f000ef43f35
https://www.virustotal.com/es/analisis/bb8ad3c5535ddfbd787fd1cf62ba9090762a6c741f093b0418ee2f000ef43f35-1274099204 (https://www.virustotal.com/es/analisis/bb8ad3c5535ddfbd787fd1cf62ba9090762a6c741f093b0418ee2f000ef43f35-1274099204)
VT 0/41 (0%)

Code: [Select]
hxxp://honeysp.in/z111lines/cfg.bin
md5sum ===> c75ab4fd1e3b7fbbb7f58d0b5c0ce356
SHA256 ===> b4b36961dd167dd0f1029fcdc7fdd4d6329fa1a0f1fe64cfb55ef33d2f71dabd

Code: [Select]
hxxp://foinkto015.net/inc/dd.exe
md5sum ===> 78552ecc895a760c325aad18949a5063
SHA256 ===> a460d05161c8680a3adbf2920a29e0485b3f35ba0b7d4f5a1899e184f0ff1e57
https://www.virustotal.com/es/analisis/a460d05161c8680a3adbf2920a29e0485b3f35ba0b7d4f5a1899e184f0ff1e57-1274098951 (https://www.virustotal.com/es/analisis/a460d05161c8680a3adbf2920a29e0485b3f35ba0b7d4f5a1899e184f0ff1e57-1274098951)
VT 19/41 (46.35%)

new md5sum:
Code: [Select]
hxxp://asbridgesburn.biz/file2.exe
md5sum ===> 80c8f88377a0558d9116cbfba3725050
SHA256 ===> 622b734662b63ae01921bbd5d988690823dfd9c8072fa6fa8c05bf92dc9a54ff
https://www.virustotal.com/es/analisis/622b734662b63ae01921bbd5d988690823dfd9c8072fa6fa8c05bf92dc9a54ff-1274099096 (https://www.virustotal.com/es/analisis/622b734662b63ae01921bbd5d988690823dfd9c8072fa6fa8c05bf92dc9a54ff-1274099096)
VT 7/41 (17.08%)
Title: Re: New files for Zeus servers
Post by: jackberri on May 18, 2010, 05:46:36 pm


Title: Re: New files for Zeus servers
Post by: jackberri on May 19, 2010, 10:17:05 am
Code: [Select]
hxxp://betterpoint.net/sender/cfg.bin
md5sum ===> 47efa669142ecd9d86cb93695d06c14e
SHA256 ===> 9232433c4d66a984762700028a76e73a9807cdb6abcb7ac4c7aaa52d8f7ca61e
Code: [Select]
hxxp://betterpoint.net/sender/aol.exe
md5sum ===> 3fc26fc66cb410fc0730386fd66f0579
SHA256 ===> 8804721306a6a6398231f22af7a5233a1d605b715a8fd25be24d2eef0f440f3d
https://www.virustotal.com/es/analisis/8804721306a6a6398231f22af7a5233a1d605b715a8fd25be24d2eef0f440f3d-1274263751 (https://www.virustotal.com/es/analisis/8804721306a6a6398231f22af7a5233a1d605b715a8fd25be24d2eef0f440f3d-1274263751)
VT 17/41 (41.46%)
Code: [Select]
hxxp://betterpoint.net/sender/res/server.php
Title: Re: New files for Zeus servers
Post by: jackberri on May 19, 2010, 06:02:27 pm
Code: [Select]
hxxp://ventureiusaj.net/esahwohn.exe
md5sum ===> 6bb0b9cef04fbd0b935662e3167b19e9
SHA256 ===> 65984381d78da438f071de4ed0ba3c1d16c4b2a23ca5b79aabda55fbfb1ea0b6
https://www.virustotal.com/es/analisis/65984381d78da438f071de4ed0ba3c1d16c4b2a23ca5b79aabda55fbfb1ea0b6-1274291531 (https://www.virustotal.com/es/analisis/65984381d78da438f071de4ed0ba3c1d16c4b2a23ca5b79aabda55fbfb1ea0b6-1274291531)
VT 5/41 (12.2%)

related bestviewbar.com:
IP Location: Latvia BKCNET Autonomous System IZZI SIA 
IP  91.188.59.95
AS6851
Registrant/Email Registrant: Alexandr Dmitrikov/2354364575s@gmail.com
Code: [Select]
hxxp://solaruploader.net/asdasd345345gged.exe
md5sum ===> 040a07448f470ffe9beb94cdf81c6d76
SHA256 ===> fa2c96308302f238ed95326b41dcb3e5abd5a8f0159ea4c7be459226f3afaed6
https://www.virustotal.com/es/analisis/fa2c96308302f238ed95326b41dcb3e5abd5a8f0159ea4c7be459226f3afaed6-1274291125 (https://www.virustotal.com/es/analisis/fa2c96308302f238ed95326b41dcb3e5abd5a8f0159ea4c7be459226f3afaed6-1274291125)
VT 21/41 (51.22%)
Title: Re: New files for Zeus servers
Post by: jackberri on May 21, 2010, 07:29:22 pm
related barmatuxa.info:
Code: [Select]
hxxp://serraniasuroeste.org/uploadedcvimg/1320906784foto0022.jpg
md5sum ===> 78b07381c29ef7d13c39777ec49e8573
SHA256 ===>   feb6b80c8e7003b98be3d39692f3b1fa21b93f03e5d08793508d690733ef84df
https://www.virustotal.com/es/analisis/feb6b80c8e7003b98be3d39692f3b1fa21b93f03e5d08793508d690733ef84df-1274469507 (https://www.virustotal.com/es/analisis/feb6b80c8e7003b98be3d39692f3b1fa21b93f03e5d08793508d690733ef84df-1274469507)
VT 3/41 (7.32%)
Title: Re: New files for Zeus servers
Post by: jackberri on May 23, 2010, 10:27:42 pm
related barmatuxa.info:
Code: [Select]
hxxp://aisia.net/images/galeria/gobela3handi2.jpg
md5sum ===> 0462b6b5e5a8d718fe10d9cd9329bc0b
SHA256 ===> 79cb72cf9dd5ac49e9cb334cd8a73edf811f90df066b3ed4bbd1ca31a82da6f6
https://www.virustotal.com/es/analisis/959570f001b9a529cf3f3dd7a9bad0c765fa6d28535ca2d0597cbc707017b9b3-1274652954 (https://www.virustotal.com/es/analisis/959570f001b9a529cf3f3dd7a9bad0c765fa6d28535ca2d0597cbc707017b9b3-1274652954)
VT 6/41 (14.64%)

related bestviewbar.com:
Code: [Select]
hxxp://solaruploader.net/asdff444ed.exe
md5sum ===> 2ba974cedeb421acadb61dd107416551
SHA256 ===> c672f56b26e1c87b7ca7bd525590b8695fbc19dd0171127f0c573531181eac9e
https://www.virustotal.com/analisis/cfa455df6315b840bcb1caa3cbf28413ce2fc040e181462ec5f5caf516a8ffa8-1274574734 (https://www.virustotal.com/analisis/cfa455df6315b840bcb1caa3cbf28413ce2fc040e181462ec5f5caf516a8ffa8-1274574734)
VT 2/41 (4.88%)

Code: [Select]
hxxp://assolo.ru/flash/kill.exe
md5sum ===> 2630a91abc10276f02ef759f664ca01e
SHA256 ===> cfa455df6315b840bcb1caa3cbf28413ce2fc040e181462ec5f5caf516a8ffa8
https://www.virustotal.com/analisis/c672f56b26e1c87b7ca7bd525590b8695fbc19dd0171127f0c573531181eac9e-1274602369 (https://www.virustotal.com/analisis/c672f56b26e1c87b7ca7bd525590b8695fbc19dd0171127f0c573531181eac9e-1274602369)
VT 6/41 (14.63%)
Code: [Select]
hxxp://assolo.ru/flash/rapport.exe
md5sum ===> b97fc2221114ace66f5a822476c42398
SHA256 ===> f34ba4aa808ddac342945e9863bdab68ad3a4b71287a0b104266850f7592e114
https://www.virustotal.com/analisis/f34ba4aa808ddac342945e9863bdab68ad3a4b71287a0b104266850f7592e114-1274532315 (https://www.virustotal.com/analisis/f34ba4aa808ddac342945e9863bdab68ad3a4b71287a0b104266850f7592e114-1274532315)
VT 2/41 (4.88%)
Code: [Select]
hxxp://assolo.ru/flash/killaa.exe
md5sum ===> 5e1aaeec357476efdb4ffc308ca93fd5
SHA256 ===> d81291887b594b3f94328d79e8bdbaf0b596f0cf437c65c4f0c09684a2595eaa
https://www.virustotal.com/analisis/f34ba4aa808ddac342945e9863bdab68ad3a4b71287a0b104266850f7592e114-1274532315 (https://www.virustotal.com/analisis/f34ba4aa808ddac342945e9863bdab68ad3a4b71287a0b104266850f7592e114-1274532315)
VT 2/41 (4.88%)


Title: Re: New files for Zeus servers
Post by: jackberri on May 23, 2010, 11:23:02 pm
related zeusbotnet malware (worm skype & other trojans):

Code: [Select]
hxxp://stashbox.org/895494/NewSkypeAd.exe
md5sum ===> 90bd39fb1eeb60087277dd4a7074468d
SHA256 ===> 36c0897ad8783be10f0507b79df115dfdaa645ab2869fe6107fcc44a32c5acd1
https://www.virustotal.com/es/analisis/36c0897ad8783be10f0507b79df115dfdaa645ab2869fe6107fcc44a32c5acd1-1274656631 (https://www.virustotal.com/es/analisis/36c0897ad8783be10f0507b79df115dfdaa645ab2869fe6107fcc44a32c5acd1-1274656631)
VT 18/41 (43.91%)
Code: [Select]
hxxp://stashbox.org/900723/reptile.exe
md5sum ===> f7ba200b5c27f5b1dc129678a3422c48
SHA256 ===> 1d8ba5f1779788e656446d23cd78319c24d3606b4b034a20929eb3936d033f54
https://www.virustotal.com/es/analisis/1d8ba5f1779788e656446d23cd78319c24d3606b4b034a20929eb3936d033f54-1274656476 (https://www.virustotal.com/es/analisis/1d8ba5f1779788e656446d23cd78319c24d3606b4b034a20929eb3936d033f54-1274656476)
VT 9/41 (21.96%)
Code: [Select]
hxxp://stashbox.org/898544/Downloader.exe
md5sum ===> 67dcaffc0617542f1a6a1914bde183b7
SHA256 ===> be34612e2496a23d71d4003f6e333936623ca9629a4ab5cdb81407d9697cf86a
https://www.virustotal.com/es/analisis/be34612e2496a23d71d4003f6e333936623ca9629a4ab5cdb81407d9697cf86a-1274656365 (https://www.virustotal.com/es/analisis/be34612e2496a23d71d4003f6e333936623ca9629a4ab5cdb81407d9697cf86a-1274656365)
VT 5/41 (12.2%)
Code: [Select]
hxxp://stashbox.org/898543/newbabeblish.exe
md5sum ===> 3e17d2b32eb3f20771d3de760358cf75
SHA256 ===> ccf05e2e7d3cf6606372aec354c09ebf65efef629e149821a14570632ab32a5f
https://www.virustotal.com/es/analisis/ccf05e2e7d3cf6606372aec354c09ebf65efef629e149821a14570632ab32a5f-1274656228 (https://www.virustotal.com/es/analisis/ccf05e2e7d3cf6606372aec354c09ebf65efef629e149821a14570632ab32a5f-1274656228)
VT 0/41 (0%)


Title: Re: New files for Zeus servers
Post by: jackberri on May 24, 2010, 06:38:38 pm
Code: [Select]
hxxp://assolo.ru/flash/uk.bin
md5sum ===> f2a6abd9ab824c0a9a31a20ee4db530b
SHA256 ===> 581495be43318640a6a9460adb14e3b98f61eefe1eced9d29a61872be79de6f0
Code: [Select]
hxxp://assolo.ru/flash/uk.exe
md5sum ===> 433106bb166289bae3efda7fa873a263
SHA256 ===> 71b0680afbef0759cbd65af41c385ae7694ffb4e8d36a7ad6af7f4f6129dc540
https://www.virustotal.com/es/analisis/71b0680afbef0759cbd65af41c385ae7694ffb4e8d36a7ad6af7f4f6129dc540-1274725406
VT 13/41 (31.71%)
Title: Re: New files for Zeus servers
Post by: jackberri on May 25, 2010, 06:58:43 pm
related bestviewbar.com
Code: [Select]
hxxp://solaruploader.net/!!!!!!!wwwned.exe
md5sum ===> 4e59abaf44ca4bab3454838f9c062695
SHA256 ===> cb2edfd98c4fa6f8f86b221f729afb2a875c92c78f90a4b0f7ac1e83c9775f70
https://www.virustotal.com/es/analisis/cb2edfd98c4fa6f8f86b221f729afb2a875c92c78f90a4b0f7ac1e83c9775f70-1274813430
VT 10/41 (24.4%)

other malware (Fake AV):
IP Location: United States - RoadRunner RR-RC-Wholesale Internet, Inc 
IP  69.197.147.186
AS32097
Registrant/Email Registrant: Smart Systems-Mike Tokler/clarist1debari@hotmail.com
Code: [Select]
hxxp://httpswork.com/ea.php?p=1&aid=26
Code: [Select]
hxxp://httpswork.com/security.exe
md5sum ===> 5a0611c9cbe79ea2735fbc8ef55e83b1
SHA256 ===> 36b2af5e3f0c2fb6bd9b8c40c98d53eea8bf65b3dea21e246d095568361f42f3
https://www.virustotal.com/es/analisis/36b2af5e3f0c2fb6bd9b8c40c98d53eea8bf65b3dea21e246d095568361f42f3-1274813037
VT 18/41 (43.91%)
Title: Re: New files for Zeus servers
Post by: jackberri on May 27, 2010, 01:12:16 pm
Code: [Select]
hxxp://vinni-trinni3.net/tr/config.bin
md5sum ===> e8db4dd2677e5e15ff9ac6276f407a72
SHA256 ===> 8bfa7aebc8ed5c5ff156b2aca60ffe5f2004ccf5915292925a655bfe0a44b0b6
Code: [Select]
hxxp://vinni-trinni3.net/tr/update.exe
md5sum ===> 215da13922aa440e122af12456a6fea2
SHA256 ===> 0cffbe8ba187b0ac54228d6d7913da57e913060a825f39d795d2061cb5772d5c
https://www.virustotal.com/es/analisis/0cffbe8ba187b0ac54228d6d7913da57e913060a825f39d795d2061cb5772d5c-1274965332
VT 23/41 (56.1%)
Code: [Select]
hxxp://vinni-trinni3.net/tr/gate.php
Code: [Select]
hxxp://vinni-trinni3.net/tr/111/config.bin1
md5sum ===> 4abd99835addac56f70a10389bff54cf
SHA256 ===> f887f6544d413a7331fa71457f04772800a0f42fcb7d9d25f11d889f64accbfc
Code: [Select]
hxxp://vinni-trinni3.net/tr/111/update.exe
md5sum ===> 9ea64d8fd35370beeaaf697bc4a6147a
SHA256 ===> 8c086b9a6307cb9808fe152eb56b6fbbb654152169c914a78247a7cc2def1324
https://www.virustotal.com/es/analisis/8c086b9a6307cb9808fe152eb56b6fbbb654152169c914a78247a7cc2def1324-1274966319
VT 6/41 (14.64%)
Title: Re: New files for Zeus servers
Post by: jackberri on May 28, 2010, 09:02:34 am
Code: [Select]
hxxp://www.kazanovshina.ru/de.cnf
md5sum ===> 9555b92444d2ef3d0a790ff9cc0e051b
SHA256 ===>  6377241ed772f684fa92ea7d57c131e1d08da2819317cce0ab21d860a9975cf9
Code: [Select]
hxxp://www.kazanovshina.ru/de.exe
md5sum ===> be477874e31386ed75033a30e9a07010
SHA256 ===> 2c7580f1b3dd54a89e1f81519de6125000ab009ed922a570f295fe5648b27b1f
https://www.virustotal.com/es/analisis/2c7580f1b3dd54a89e1f81519de6125000ab009ed922a570f295fe5648b27b1f-1274953837
VT 4/41 (9.76%)
Title: Re: New files for Zeus servers
Post by: jackberri on May 29, 2010, 09:37:17 am
related bestviewbar.com
Code: [Select]
hxxp://solaruploader.net/aaassseined.exe
md5sum ===> 3dd3fb463bd34acd275388b96adc18b9
SHA256 ===> 89073bee9cf063b87fe1b0f2ae3122352ea47a458dcf987facea233367c97aca
https://www.virustotal.com/es/analisis/89073bee9cf063b87fe1b0f2ae3122352ea47a458dcf987facea233367c97aca-1275125405
VT 10/41 (24.4%)
related:
Code: [Select]
aahydrogen.com
bastocks.com
Title: Re: New files for Zeus servers
Post by: jackberri on May 30, 2010, 12:00:47 pm
Code: [Select]
hxxp://oashae2ieyek.ru/bin/paloisep.bin
md5sum ===> 4d53fa8f08f995979f1ec542b31bc82c
SHA256 ===> a3a69788e189169b7389cb266f0077cb9e4018c2cc1628f75f5589d861f9ef29
Code: [Select]
hxxp://oashae2ieyek.ru/bin/paloisep.exe
md5sum ===> 6bd111cd808fc7906b6cfa1cfa0a51ef
SHA256 ===> b9161d3401877824fcfa39931dc1f0ffb1d53f92576ab4992be7bfb77f11baf2
https://www.virustotal.com/es/analisis/b9161d3401877824fcfa39931dc1f0ffb1d53f92576ab4992be7bfb77f11baf2-1275219337
VT 26/40 (65%)
Title: Re: New files for Zeus servers
Post by: jackberri on May 30, 2010, 05:01:24 pm
Code: [Select]
hxxp://kldmten.net/include/dm.jpg
md5sum ===> 36e42ed1818af9675f929be0c0533d4e
SHA256 ===> 118f24af4d3466677d28318abcb817dc5ec50bda7d13f87c2ce7443ed9f7b0c7
Code: [Select]
hxxp://kldmten.net/include/footer.php
Code: [Select]
hxxp://kldmten.net/www/rap.exe
md5sum ===> a433d06de093cba3148a0ca5dcc7fa17
SHA256 ===> fedfb64fc4c5cc3a4668a712b2d449131babf0dc1e2b2d199fd9518193f278a6
https://www.virustotal.com/es/analisis/fedfb64fc4c5cc3a4668a712b2d449131babf0dc1e2b2d199fd9518193f278a6-1275238460
VT 6/41 (14.64%)
Title: Re: New files for Zeus servers
Post by: jackberri on May 31, 2010, 12:04:39 pm
Code: [Select]
hxxp://reklamen6.ru/news/kill.exe
md5sum ===> c19914c3e6c34bea4020fdcd88f9330c
SHA256 ===> 056e9ca93b1d2f748a8cfd0057ee91263cf73bfc3df3b3354378d776802d44bd
https://www.virustotal.com/es/analisis/056e9ca93b1d2f748a8cfd0057ee91263cf73bfc3df3b3354378d776802d44bd-1275306838
VT 5/41 (12.2%)
Code: [Select]
hxxp://reklamen6.ru/news/killaa.exe
md5sum ===> 396105d2b2016e5f07a87e8de3f419d8
SHA256 ===> 7f809b2d253ccb0715c5c4987f82b88ee4a58b6107f03b663f320dcfddccf9e8
https://www.virustotal.com/es/analisis/7f809b2d253ccb0715c5c4987f82b88ee4a58b6107f03b663f320dcfddccf9e8-1275306986
VT 1/40 (2.5%)
Code: [Select]
hxxp://reklamen6.ru/news/rapport.exe
md5sum ===> 7e393fc1e7741a4666a68ce50186d2e4
SHA256 ===> 2006d436cd13dde04a50b9107a519c818d44c716ceda4c1169ea2dbd3eae4f57
https://www.virustotal.com/es/analisis/2006d436cd13dde04a50b9107a519c818d44c716ceda4c1169ea2dbd3eae4f57-1275307159
VT 8/41 (19.51%)
Title: Re: New files for Zeus servers
Post by: jackberri on June 01, 2010, 09:21:01 am
new IP
new md5sum for zeus trojan:
IP Location: Moldova - STARNET-AS StarNet Moldova   
IP 195.5.161.227
AS31252
Code: [Select]
hxxp://www.greengirlinbighome.ru/de.exe
md5sum ===> 4cbc3352e43c368433c84bbdfbf023a3
SHA256 ===> 9f788b064250508735676f58ce95a7710845482a754652f9b71bbd310ad15794
https://www.virustotal.com/es/analisis/9f788b064250508735676f58ce95a7710845482a754652f9b71bbd310ad15794-1275383297
VT 12/41 (29.27%)
Code: [Select]
hxxp://www.greengirlinbighome.ru/de.cnf
Code: [Select]
hxxp://www.greengirlinbighome.ru/kuku.php
related bestviewbar.com:
Code: [Select]
hxxp://solaruploader.net/!12233344555d.exe
md5sum ===> 3053fed4c9b5696e9839b25bbbcab726
SHA256 ===> fa7bf8264746b57ec36c2ef4ea3b0f4cf1e475f27ca0d615d74d1f17a3e191da
https://www.virustotal.com/es/analisis/fa7bf8264746b57ec36c2ef4ea3b0f4cf1e475f27ca0d615d74d1f17a3e191da-1275382197
VT 12/41 (29.27%)
Title: Re: New files for Zeus servers
Post by: jackberri on June 01, 2010, 09:30:58 am
new IP
IP Location: Moldova - STARNET-AS StarNet Moldova   
IP 195.5.161.227
AS31252
Email Registrant: salamandainword@yahoo.com
Code: [Select]
hxxp://www.salamandainword.ru/de.cnf
md5sum ===> 9555b92444d2ef3d0a790ff9cc0e051b
SHA256 ===>  6377241ed772f684fa92ea7d57c131e1d08da2819317cce0ab21d860a9975cf9
Code: [Select]
hxxp://www.salamandainword.ru/de.exe
md5sum ===> 4cbc3352e43c368433c84bbdfbf023a3
SHA256 ===> 9f788b064250508735676f58ce95a7710845482a754652f9b71bbd310ad15794
https://www.virustotal.com/es/analisis/9f788b064250508735676f58ce95a7710845482a754652f9b71bbd310ad15794-1275383297
VT 12/41 (29.27%)
Code: [Select]
hxxp://www.greengirlinbighome.ru/kuku.php
Title: Re: New files for Zeus servers
Post by: jackberri on June 02, 2010, 08:06:03 pm
IP
AS
Registrant/Email Registrant: Oksana Bojko/info@gname.net
Code: [Select]
hxxp://deewaek4heeh.kz/bin/ucuosaew.bin
hxxp://deewaek4heeh.kz/bin/ucuosaew.exe
hxxp://deewaek4heeh.kz/bin/aedigiuv.bin
hxxp://deewaek4heeh.kz/bin/aedigiuv.exe
hxxp://deewaek4heeh.kz/bin/yeengooz.bin
hxxp://deewaek4heeh.kz/bin/yeengooz.exe
hxxp://deewaek4heeh.kz/cp11/zengate.php
hxxp://deewaek4heeh.kz/bin/daishoch.bin
hxxp://deewaek4heeh.kz/bin/daishoch.exe
Title: Re: New files for Zeus servers
Post by: jackberri on June 03, 2010, 07:38:28 pm
Code: [Select]
hxxp://solaruploader.net/asdsdsss!!!d.exe
md5sum ===> facd3048b5cf47b9e28a93399266eed7
SHA256 ===> 676d3ff5d01ac3b052ac4939cb9c4eed8c2a099dd3dedfc41dc4180c8bfb0a8f
http://www.virustotal.com/analisis/676d3ff5d01ac3b052ac4939cb9c4eed8c2a099dd3dedfc41dc4180c8bfb0a8f-1275535935
VT 9/40 (22.50%)
Title: Re: New files for Zeus servers
Post by: jackberri on June 04, 2010, 10:14:59 pm
IP Location: Ukraine - Odessa-colo - WNET W-NET
IP 92.60.176.41
[real-host.ru]
AS15772
Registrant/Email Registrant: Aleksandr V Slabkov/slabkov@intimatefire.com
Code: [Select]
hxxp://lightobmen.ru/robo/config.bin1
md5sum ===> 62da6868b8cbbc089af1fcfdb656ddfe
SHA256 ===> 39d5244195e8b7bd64587fb795a362fc603d5dd4aa593891a8b4ea74aecb70f4
Code: [Select]
hxxp://lightobmen.ru/robo/gate.php
New IP
IP Location: Ukraine - MSUNET DELEGATED BLOCK Moscow State University - MSU Moscow State University
IP 212.192.226.3
[dmit.geol.msu.ru]
AS2848
Code: [Select]
hxxp://wapdodoit.ru/m2/viewtopic.php
Code: [Select]
hxxp://arsenalik.ru/medvedev_krysa/medvedev_evrej.php
Code: [Select]
hxxp://arsenalik.ru/medvedev_krysa/kill.exe
md5sum ===> ffffcdec417b2195504746b5d113b968
SHA256 ===> 405bd6879089fab34240ac3ec463b8c42b9cedf62d08aaf67d036c4033945424
https://www.virustotal.com/es/analisis/405bd6879089fab34240ac3ec463b8c42b9cedf62d08aaf67d036c4033945424-1275688222
VT 11/41 (26.83%)
Code: [Select]
hxxp://arsenalik.ru/medvedev_krysa/killaa.exe
md5sum ===> 05740edf8ef59dfdcb3660b35e76052c
SHA256 ===> c5eef527c3150511fd7c384b3ac0e536c02402d3deef7478775fc697ecd35374
https://www.virustotal.com/es/analisis/c5eef527c3150511fd7c384b3ac0e536c02402d3deef7478775fc697ecd35374-1275688122
VT 18/40 (45%)
Code: [Select]
hxxp://arsenalik.ru/medvedev_krysa/rapport.exe
md5sum ===> bd3c6f35dcc283a762143db97082e90a
SHA256 ===> 42514dbd6b8b9c1243e0e95d9668b7a2a71fa7ddadb2be693854c9551634ce63
https://www.virustotal.com/es/analisis/42514dbd6b8b9c1243e0e95d9668b7a2a71fa7ddadb2be693854c9551634ce63-1275688032
VT 9/41 (21.96%)
Title: Re: New files for Zeus servers
Post by: jackberri on June 08, 2010, 01:22:22 pm
Code: [Select]
hxxp://rs850.rapidshare.com/files/395008200/KeyDownloader.exe
md5sum ===> 909d17ddfb03e55433db40610e282401
SHA256 ===> 34dde8cc54f1d035236117f28319192252ee232eed8ddab48a63d40017adae45
https://www.virustotal.com/es/analisis/34dde8cc54f1d035236117f28319192252ee232eed8ddab48a63d40017adae45-1276002527
VT 6/41 (14.64%)
related:
Code: [Select]
r0guen3t.biz
Code: [Select]
hxxp://solaruploader.net/ssssssss!!!d.exe
md5sum ===> b843cc6c8c6d0ee76f724a4d3325b3e0
SHA256 ===> 5ac96798c1713befa8dc464e93eba962cf17ff017f2d0986f47ab1b116adc1cb
https://www.virustotal.com/es/analisis/5ac96798c1713befa8dc464e93eba962cf17ff017f2d0986f47ab1b116adc1cb-1275992921
VT 22/41 (53.66%)
related:
Code: [Select]
aahydrogen.com
Title: Re: New files for Zeus servers
Post by: jackberri on June 09, 2010, 09:39:19 am
Code: [Select]
hxxp://caseva.es/images/totalff.jpg
md5sum ===> cda2601f4598b5a6c2f5d67a07397226
SHA256 ===> 1a659c4ccae4a83c69b10f65ad745706f08cb6e74468f576ec1073149cbb7a3e
https://www.virustotal.com/es/analisis/1a659c4ccae4a83c69b10f65ad745706f08cb6e74468f576ec1073149cbb7a3e-1276076078
VT 6/41 (14.64%)
related:
Code: [Select]
hxxp://loteriahadamadrina.com/images/imagenes/flash.bin
Title: Re: New files for Zeus servers
Post by: jackberri on June 09, 2010, 12:25:53 pm
Code: [Select]
hxxp://campinglavall.net/img/soso.jpg
md5sum ===> deddaa2dbbf1e84be1d1627fbd1c9c48
SHA256 ===> f215ca5efd7a3bfb418b6a0e4fc6186ef592d0828ec3874e07af4fe7534739a2
https://www.virustotal.com/es/analisis/f215ca5efd7a3bfb418b6a0e4fc6186ef592d0828ec3874e07af4fe7534739a2-1276085551
VT 8/41 (19.52%)
related:
Code: [Select]
hxxp://llessui.com/imagenes/flash.bin
Title: Re: New files for Zeus servers
Post by: jackberri on June 09, 2010, 07:08:08 pm
Code: [Select]
hxxp://municipalidadlagoranco.cl/images/banners/vodiff.jpg
md5sum ===> 9ea0f3b797514fc0821ff11d4a100981
SHA256 ===> 08c619c7fa521a8bb451d652d6ba5d47db3e63b1124ec1d750ac5c10cc2f8fd0
https://www.virustotal.com/es/analisis/08c619c7fa521a8bb451d652d6ba5d47db3e63b1124ec1d750ac5c10cc2f8fd0-1276110209
VT 10/41 (24.4%)
related (already listed):
Code: [Select]
hxxp://llessui.com/imagenes/flash.bin
Title: Re: New files for Zeus servers
Post by: jackberri on June 10, 2010, 08:47:55 am
Code: [Select]
hxxp://www.alcamarsaci.cl/images/dom.jpg
md5sum ===> f5e96eb8ea33fb60778208baadbd30d9
SHA256 ===> 80721505a1f115c1a34685f569b2f1ca71983c9d7555562c70cbe17a52940ca8
https://www.virustotal.com/es/analisis/80721505a1f115c1a34685f569b2f1ca71983c9d7555562c70cbe17a52940ca8-1276153827
VT 5/41 (12.2%)
Code: [Select]
hxxp://www.alcamarsaci.cl/images/game.jpg
md5sum ===> 9fa5ca2ba5a7ef1477a9a30419f7d30a
SHA256 ===> 4ca6cc01740b500f6d764536856b4c12894ff2ce7fbb5015b18540cd6d029b95
https://www.virustotal.com/es/analisis/4ca6cc01740b500f6d764536856b4c12894ff2ce7fbb5015b18540cd6d029b95-1276154432
VT 6/41 (14.64%)
Code: [Select]
hxxp://www.alcamarsaci.cl/images/body.jpg
md5sum ===> 0e27ce48e915471ffdb4602e0c43f228
SHA256 ===> 4a31452a77a9d25fbc65eb179b2d4a1ff0cc5bf3b571cc67a59426f50be8c3d1
https://www.virustotal.com/es/analisis/4a31452a77a9d25fbc65eb179b2d4a1ff0cc5bf3b571cc67a59426f50be8c3d1-1276157735
VT 5/41 (12.2%)
related:
Code: [Select]
serraniasuroeste.org/images/flash.bin
geroinanety.net/estatwebstat/webstat.php
incoming?:
Code: [Select]
gerointyt.net/flash.exe
Code: [Select]
related comunidadvalleromanosur.com/Images/vallewe.jpg:
IP Location: United Kingdom - WEBTAPESTRY-AS Axamba Limited T/As Web Tapestry
IP 217.151.98.20
[lancelot.webtapestry.net]
AS21055
Registrant: Westmorland Geological Society
Code: [Select]
hxxp://westmorlandgeolsoc.org.uk/images/iec.exe
md5sum ===> 7cf198a5ab53571d2d2c5d450e90c0e8
SHA256 ===> e48f42c973e0fd6e13463078b1b1b425f7e1e19eeafd68b59c34be4e7abb8480
https://www.virustotal.com/es/analisis/e48f42c973e0fd6e13463078b1b1b425f7e1e19eeafd68b59c34be4e7abb8480-1276156576
VT 5/41 (12.2%)

Code: [Select]
hxxp://solaruploader.net/asd!!!!!!!!!1ned.exe
md5sum ===> 00082dc10d703408b6b522ad84ee1fa2
SHA256 ===> 9de7e76b1da1814d6f369c3386ad16828a8e2c487a9ab002251b9d2939c8229c
https://www.virustotal.com/es/analisis/9de7e76b1da1814d6f369c3386ad16828a8e2c487a9ab002251b9d2939c8229c-1276151689
VT 22/40 (55.00%)

other malware:
Tr. Downloader
IP Location: Japan Osaka Yyy Co. Ltd
AS4725
Code: [Select]
hxxp://211.8.50.118/program/netmedia.exe
md5sum ===> 882b496f1b9914c68d44452ce82959d7
SHA256 ===> 48ae18aa0d3ce4006d352598910daae680e43e7e0b143d1237563fceaab04c89
https://www.virustotal.com/es/analisis/48ae18aa0d3ce4006d352598910daae680e43e7e0b143d1237563fceaab04c89-1276064330
VT 2/41 (4.88%)

Backdoor
IP Location: China CHINANET-JS-AS-AP AS Number for CHINANET
AS23650
Code: [Select]
hxxp://61.160.219.205/121xia.exe
md5sum ===> 4cd37babad12cf531222b332fe426635
SHA256 ===> b0ac28037b0ad742506b6ee76c081229d1a31fbd74ba848a0db667db90bb859c
https://www.virustotal.com/es/analisis/b0ac28037b0ad742506b6ee76c081229d1a31fbd74ba848a0db667db90bb859c-1276066695
VT 13/41 (31.71%)

Title: Re: New files for Zeus servers
Post by: jackberri on June 10, 2010, 10:25:25 am
Code: [Select]
hxxp://www.alcamarsaci.cl/images/valls.jpg
md5sum ===> a6a881422b89a7d9a88331514f4fd303
SHA256 ===> e7fbc43578de238f10e6e9ae9929032526c4fb446eb238d0e7e7f46f0754d919
https://www.virustotal.com/es/analisis/e7fbc43578de238f10e6e9ae9929032526c4fb446eb238d0e7e7f46f0754d919-1276162876
VT 8/41 (19.52%)
related:
Code: [Select]
serraniasuroeste.org/images/flash.bin
geroinanety.net/estatwebstat/webstat.php

Code: [Select]
hxxp://caseva.es/images/flashimfer.jpg
md5sum ===> 66ac1a403a6d93dfc12661e1d3407ec9
SHA256 ===> ead7cad86663bd40fb2fc3d99944ea22c0e4fa55e0fedc63fcb007f424d066e2
https://www.virustotal.com/es/analisis/ead7cad86663bd40fb2fc3d99944ea22c0e4fa55e0fedc63fcb007f424d066e2-1276163710
VT 14/41 (34.15%)
related:
Code: [Select]
loteriahadamadrina.com/images/flash.bin
geroinanety.net/estatwebstat/webstat.php
Title: Re: New files for Zeus servers
Post by: jackberri on June 11, 2010, 06:58:27 am
Code: [Select]
hxxp://comunidadvalleromanosur.com/Images/fodess.jpg
md5sum ===> 43cd2cf8f9fa7e223b857389a16feea2
SHA256 ===> 4ba7ffd5366400ef9dc5c66f67768dece8c4c016eabc1aa88e172221fcef3245
https://www.virustotal.com/es/analisis/4ba7ffd5366400ef9dc5c66f67768dece8c4c016eabc1aa88e172221fcef3245-1276237695
VT 12/41 (29.27%)
Code: [Select]
hxxp://comunidadvalleromanosur.com/Images/pupsikiii.jpg
md5sum ===> 7824ee416a48f92631b8cfa03c3a6873
SHA256 ===> 5ac2fd2ee1193b24fa8966f3a0e157f51dcc80be93c8c931c1bf4c0a78500530
https://www.virustotal.com/es/analisis/5ac2fd2ee1193b24fa8966f3a0e157f51dcc80be93c8c931c1bf4c0a78500530-1276238501
VT 13/41 (31.71%)
related (already listed):
Code: [Select]
hxxp://cooperaccio.org/img/flash.bin
Title: Re: New files for Zeus servers
Post by: jackberri on June 11, 2010, 09:38:21 am
Code: [Select]
hxxp://campinglavall.net/img/imgzip.jpg
md5sum ===> 2f88d7e6eb70e7ce7189026792c340d6
SHA256 ===> 5bec630392745fb6d9b00a82d3707f791f5ea0bb7c248f86d9a8fa29c5e88eb8
https://www.virustotal.com/es/analisis/5bec630392745fb6d9b00a82d3707f791f5ea0bb7c248f86d9a8fa29c5e88eb8-1276241635
VT 15/41 (36.59%)
Title: Re: New files for Zeus servers
Post by: jackberri on June 11, 2010, 10:19:32 pm
Code: [Select]
hxxp://vopret.ru/www/epx.bin
md5sum ===> dcffb4f24f97d1c202577ee4abe31e71
SHA256 ===>  90081ea4864b409cf3dcac7b2f151aa20e2d1a67c17c712563099fc10b9e6c47
Code: [Select]
hxxp://vopret.ru/www/epx.exe
md5sum ===> 367bcfa6197d06ad55e7e6c031409f18
SHA256 ===> 2203f2074fe6d8535f0c0219761705371276a67e9eeb4ed6f8c3e4a044fb72a2
https://www.virustotal.com/es/analisis/2203f2074fe6d8535f0c0219761705371276a67e9eeb4ed6f8c3e4a044fb72a2-1276285638
VT 22/41 (53.66%)
Code: [Select]
hxxp://vopret.ru/www/www.php
Code: [Select]
hxxp://vopret.ru/www/2kill.exe
md5sum ===> 5b85db109d6751045641953f439cd77d
SHA256 ===> a26976206edc66d1a18b4bcfc8049be3f2034c99b854a6a10ca13683aa086511
https://www.virustotal.com/es/analisis/a26976206edc66d1a18b4bcfc8049be3f2034c99b854a6a10ca13683aa086511-1276285849
VT 13/41 (31.71%)
Code: [Select]
hxxp://vopret.ru/www/2killaa.exe
md5sum ===> fdb057775d942e39c1b1b9f4df4a0ad9
SHA256 ===> 37726611ff1b3ab941f8a7957683b14f7e78c4ad98d7498d9524d9e58dd6ef34
https://www.virustotal.com/es/analisis/37726611ff1b3ab941f8a7957683b14f7e78c4ad98d7498d9524d9e58dd6ef34-1276285944
VT 22/41 (53.66%)
Code: [Select]
hxxp://vopret.ru/www/2rapport.exe
md5sum ===> 6eacbf441acee0b418dec38a9ba4c
SHA256 ===> 6464293f8ed8408d4c70774c5bf8ba41a464a18a002bfcf182c0d9e874481603
https://www.virustotal.com/es/analisis/6464293f8ed8408d4c70774c5bf8ba41a464a18a002bfcf182c0d9e874481603-1276286031
VT 13/41 (31.71%)

Other malware:
IP Location: Russian Federation - MASTERHOST-AS .masterhost autonomous system
IP 87.242.112.36
[lweb01.win.masterhost.ru]
AS25532
Email Registrant: 295971@gmail.com
Code: [Select]
hxxp://car-seobuk.ru/nnb.exe
md5sum ===> 0d8febdc223f9bf2648884452f158b6e
SHA256 ===> ebdb3e45036b857638ab93c49043bf4d26855978aadb9b9baaa9a5a01dd5c6c2
https://www.virustotal.com/es/analisis/ebdb3e45036b857638ab93c49043bf4d26855978aadb9b9baaa9a5a01dd5c6c2-1276294113
VT 2/41 (4.88%)
Title: Re: New files for Zeus servers
Post by: jackberri on June 13, 2010, 11:59:40 am
Code: [Select]
hxxp://realfun.ro/coaie-in-cacat-da-mi-10-mii/cfg.bin
md5sum ===> 1a3ad54c9365455d271e7ea6ad0f1ec1
SHA256 ===> 1f7ac272affea9e3473304973046dcaf7137a5090df5955685d52162520e742b
Code: [Select]
hxxp://realfun.ro/coaie-in-cacat-da-mi-10-mii/bt.exe
md5sum ===> 3dab316bfe25c3625a902857abaf5943
SHA256 ===> 14d31eea019036ebb25900de024c1e720c4a17764583fcab4ff0c026ef021435
https://www.virustotal.com/es/analisis/14d31eea019036ebb25900de024c1e720c4a17764583fcab4ff0c026ef021435-1276429543
VT 31/41 (75.61%)
Code: [Select]
hxxp://realfun.ro/coaie-in-cacat-da-mi-10-mii/gate.php
Code: [Select]
hxxp://solaruploader.net/asddd!!!rrrrred.exe
md5sum ===> fe9d39d618805cfdb82edaede9de9ba2
SHA256 ===> 800aaa1edf7666c8a4d020fe0a3a6d31962d84493ccf700b3612e29c32be5b23
https://www.virustotal.com/es/analisis/800aaa1edf7666c8a4d020fe0a3a6d31962d84493ccf700b3612e29c32be5b23-1276423342
VT 17/41 (41.46%)

other malware:
trojan:
Code: [Select]
hxxp://rapidshare.com/files/397628748/ppi.exe
md5sum ===> 8fe3db9fa280ff53c6e57d061c50e4f3
SHA256 ===> 2a8b3e704c3bd033c2b9bc40b0b03a40b5998c6ae592f4c3066905373f76758c
https://www.virustotal.com/es/analisis/2a8b3e704c3bd033c2b9bc40b0b03a40b5998c6ae592f4c3066905373f76758c-1276419436
VT 8/41 (19.52%)
TDSS:
Code: [Select]
hxxp://rapidshare.com/files/398031712/ppi2.exe
md5sum ===> ab4dcdc5e643961f10294cc3c0fd9b96
SHA256 ===> 5c763daa87605596ae242dd89a38fbbd9dfce548d1fbeef41f1b8d3b77a9fca9
https://www.virustotal.com/es/analisis/5c763daa87605596ae242dd89a38fbbd9dfce548d1fbeef41f1b8d3b77a9fca9-1276418852
VT 6/41 (14.64%)
Trojan Downl:
Code: [Select]
hxxp://rapidshare.com/files/398019781/GoldenInstall11.exe
md5sum ===> ec0bdce9e3c8b2e9d7180a9903b062a9
SHA256 ===> 651d2a20144cbb612a347e6878e4c4839b952a65d94b6ec51e64478bd5f1c701
https://www.virustotal.com/es/analisis/651d2a20144cbb612a347e6878e4c4839b952a65d94b6ec51e64478bd5f1c701-1276419304
VT 24/41 (58.54%)

Title: Re: New files for Zeus servers
Post by: jackberri on June 14, 2010, 05:34:44 pm
Code: [Select]
hxxp://solaruploader.net/aaaaaaaaaaa111.exe
md5sum ===> 576fae63a4b52c7df579894211faa1c2
SHA256 ===> f6e9bbcba4742463d8e2449052676b436251c145ae78c3b60cbf3df719663ddc
http://www.virustotal.com/es/analisis/f6e9bbcba4742463d8e2449052676b436251c145ae78c3b60cbf3df719663ddc-1276535955
VT 16/41 (39.03%)
Title: Re: New files for Zeus servers
Post by: jackberri on June 17, 2010, 07:04:35 pm
Code: [Select]
hxxp://solaruploader.net/aaaaaaaaaaa1112.exe
md5sum ===> 4fd820ce6877dc59636745b341a90b5a
SHA256 ===> dae694b7e13d6126f82f6a2b83bb033bd4db56445b6518375e415414fb09fe81
http://www.virustotal.com/es/analisis/dae694b7e13d6126f82f6a2b83bb033bd4db56445b6518375e415414fb09fe81-1276801261
VT 6/40 (15%)
Title: Re: New files for Zeus servers
Post by: jackberri on June 21, 2010, 09:07:50 am
Code: [Select]
hxxp://zeus-hosted.sytes.net/zs/builder/config.bin
md5sum ===> 7c706c05ec5180ba49dfebf48f1cce14
SHA256 ===>  953c5a3ad2bdf29bb74d32d7ac528ca97c8d140cff651f05a921ba11f557bb53
Code: [Select]
hxxp://zeus-hosted.sytes.net/zs/web/config.bin
md5sum ===> 4ddfbd06fbc1c4c6e2952e98ffdc950d
SHA256 ===>  f7c63fa482304d2b3dc49d56d75140c8c5544d44d761bc3db8217bbf323d67f4
Code: [Select]
hxxp://zeus-hosted.sytes.net/zs/web/bot.exe
md5sum ===> eb03bde56e7734c73d355d1100ddde8c
SHA256 ===> 5a9a2d5bdc04c4cd0292aba19f67ccd4c18225425ea251337171b9094be45570
http://www.virustotal.com/analisis/5a9a2d5bdc04c4cd0292aba19f67ccd4c18225425ea251337171b9094be45570-1277094595
VT 37/41 (90.24%)
Code: [Select]
hxxp://zeus-hosted.sytes.net/zs/builder/bot.exe
md5sum ===> 576230ab15b10527a0c82f0caa002908
SHA256 ===> c63fdd4f3f64723cd7913002f557a5f1ae9d56e3772e69daa36c13a4522927de
http://www.virustotal.com/es/analisis/c63fdd4f3f64723cd7913002f557a5f1ae9d56e3772e69daa36c13a4522927de-1277110643
VT 31/41 (75.61%)
Code: [Select]
hxxp://zeus-hosted.sytes.net/zs/web/gate.php
Title: Re: New files for Zeus servers
Post by: jackberri on June 22, 2010, 10:15:29 am
zeus trojan:
Code: [Select]
hxxp://kldmten.net/hty/dm.exe
md5sum ===> 732398f32a5a04071b3c588083d0a7e4
SHA256 ===> 30c3ab12b75aec42b10ed91b4f0c1463f9ac8a4f01e9a1ef951e281ff8a1df4a
http://www.virustotal.com/es/analisis/30c3ab12b75aec42b10ed91b4f0c1463f9ac8a4f01e9a1ef951e281ff8a1df4a-1277201318
VT 10/41 (24.4%)
trojan:
Code: [Select]
hxxp://kldmten.net/hty/rap.exe
md5sum ===> e03decab08b2a7e0aec4f41eb8196012
SHA256 ===> d432c85a440aefaf931253d7ee7c4ed4715c13d3c9978cae3784154cf3b65680
http://www.virustotal.com/es/analisis/d432c85a440aefaf931253d7ee7c4ed4715c13d3c9978cae3784154cf3b65680-1277201084
VT 5/41 (12.2%)


other malware:
botnet C&C
IP Location: Kazakhstan - Alfa-host Llp
IP 93.105.207.10
AS50793
Registrant/Email Registrant: Nini Lee/ninilee@yahoo.com
Code: [Select]
hxxp://a7f12.com/knock.php?n=88B1E97E&s=seller-01
Title: Re: New files for Zeus servers
Post by: jackberri on June 23, 2010, 06:37:27 am
Code: [Select]
hxxp://solaruploaderz.com/dddddddd1.exe
md5sum ===> 4f348c89cda069a5c563a8308b31a660
SHA256 ===> 25d0c3698689bde615e3bd3df4df537243e8095b9004f4fee9de7ce80ec6c47b
http://www.virustotal.com/es/analisis/25d0c3698689bde615e3bd3df4df537243e8095b9004f4fee9de7ce80ec6c47b-1277237814
VT 11/41 (26.83%)
Title: Re: New files for Zeus servers
Post by: jackberri on June 24, 2010, 05:46:30 pm
Code: [Select]
hxxp://hikmesanbukais.com/hdsr/dst/misks.bin
md5sum ===> 27e47a35122eb351657b3b66c209b6c6
SHA256 ===>  071f1673db7941a5eb519644c1ad8ec6863f15fbfe0c87532d1bc3fec23586d0
Code: [Select]
hxxp://hikmesanbukais.com/kl/kn.exe
md5sum ===> bd4448ccd7cf17f81914f1e95226e3ee
SHA256 ===> 4b5d3a1f51a45f502b0ba202a057d523fbce1b5102f02168767d342f0bdc2e67
http://www.virustotal.com/es/analisis/4b5d3a1f51a45f502b0ba202a057d523fbce1b5102f02168767d342f0bdc2e67-1277400991
VT 5/41 (12.2%)
Code: [Select]
hxxp://hikmesanbukais.com/hdsr/dst/lob.php
Title: Re: New files for Zeus servers
Post by: jackberri on June 24, 2010, 10:47:36 pm
Code: [Select]
hxxp://googleanalisys.net/web/temp/java.bin
md5sum ===> caa24b3731531b991c90beef3cc44d6e
SHA256 ===>  f1d24820d14c7f99e6157f72a0e76372da1aa2d86e1e44bb62c2abac8c30a0cb
Code: [Select]
hxxp://googleanalisys.net/web/temp/calc.exe
md5sum ===> 535e0a43b0be05c13fc598c09cd627dd
SHA256 ===> bec24016b1f4137f74722fe7ea6d77246587d1ca9fbe17ddea5840a6201b5903
http://www.virustotal.com/es/analisis/bec24016b1f4137f74722fe7ea6d77246587d1ca9fbe17ddea5840a6201b5903-1277419465
VT 13/40 (32.5%)
Title: Re: New files for Zeus servers
Post by: jackberri on June 25, 2010, 06:05:32 pm
IP Location: Moldova - Donstroy Ltd
IP 194.8.250.103
AS43134
Registrant/Registrant Email: alex bikov/3807678492454s@gmail.com
Code: [Select]
hxxp://ceters.net/eeeeeeeeee1.exe
md5sum ===> 7eeeeae7ba90446d8375fdd8546d5d5e
SHA256 ===>  9caed831930bd11295c7b670542131c3d7220f93a3d1ce90e0ec0d013137d7a8
http://www.virustotal.com/es/analisis/9caed831930bd11295c7b670542131c3d7220f93a3d1ce90e0ec0d013137d7a8-1277488473 (http://www.virustotal.com/es/analisis/9caed831930bd11295c7b670542131c3d7220f93a3d1ce90e0ec0d013137d7a8-1277488473)
VT 11/41 (26.83%)
related:
Code: [Select]
hxxp://www.cetere.net
Title: Re: New files for Zeus servers
Post by: jackberri on June 26, 2010, 10:53:15 am
Code: [Select]
hxxp://www.dahzunaeye.ru/bin/teemaeko.bin
md5sum ===> dff0e01c9eea9437b2100ddfbb950267
SHA256 ===>  98cbebc449baa28687854910eb10144f9de36b125d1a5cea725438d9a85be517
Code: [Select]
hxxp://www.dahzunaeye.ru/bin/teemaeko.exe
md5sum ===> d63fd6f21031f6b9b52b552525c77d35
SHA256 ===>  93e6d43d7b4d957f40d7d164ae7fc215a1c6ee94ef4ba4e7e54f482a8efd4a45
Code: [Select]
hxxp://www.dahzunaeye.ru/9xq/_gate.php
Code: [Select]
hxxp://railuhocal.ru/bin/teemaeko.exe
md5sum ===> d63fd6f21031f6b9b52b552525c77d35
SHA256 ===>  93e6d43d7b4d957f40d7d164ae7fc215a1c6ee94ef4ba4e7e54f482a8efd4a45
Title: Re: New files for Zeus servers
Post by: jackberri on June 27, 2010, 05:01:18 pm
Code: [Select]
hxxp://hikmesanbukais.com/hdsr/dst/misks.bin
md5sum ===> 27e47a35122eb351657b3b66c209b6c6
SHA256 ===>  071f1673db7941a5eb519644c1ad8ec6863f15fbfe0c87532d1bc3fec23586d0
Code: [Select]
hxxp://hikmesanbukais.com/ks/v.exe
md5sum ===> 940f983178da5e2f95c655480e82ad11
SHA256 ===>  8e4426c4d1c049c176acc302b7dfd05050d998005aa9742f80e5669fb31682cf
http://www.virustotal.com/es/analisis/8e4426c4d1c049c176acc302b7dfd05050d998005aa9742f80e5669fb31682cf-1277657543 (http://www.virustotal.com/es/analisis/8e4426c4d1c049c176acc302b7dfd05050d998005aa9742f80e5669fb31682cf-1277657543)
VT 16/41 (39.03%)
Title: Re: New files for Zeus servers
Post by: jackberri on June 27, 2010, 10:35:09 pm
New md5sum:
Code: [Select]
hxxp://uk-microsoft.com/src/update.exe
md5sum ===> aa1956f30620c9d2056d39ad66ca3ba2
SHA256 ===>  680b471413f6f5ddd70a9513ee42821687e1eac516fade910b1753eb7aa5e65d
http://www.virustotal.com/es/analisis/680b471413f6f5ddd70a9513ee42821687e1eac516fade910b1753eb7aa5e65d-1277677999 (http://www.virustotal.com/es/analisis/680b471413f6f5ddd70a9513ee42821687e1eac516fade910b1753eb7aa5e65d-1277677999)
VT 3/41 (7.32%)
Title: Re: New files for Zeus servers
Post by: jackberri on June 28, 2010, 06:52:11 am
Code: [Select]
hxxp://uk-microsoft.com/src/time.exe
md5sum ===> 14801dc53f5a184d72cbb2324d81a0af
SHA256 ===>  f8a434dc37326bee32bc06273958b6d38faca8f4f8cce5e05e6796287988677f
http://www.virustotal.com/es/analisis/f8a434dc37326bee32bc06273958b6d38faca8f4f8cce5e05e6796287988677f-1277707613 (http://www.virustotal.com/es/analisis/f8a434dc37326bee32bc06273958b6d38faca8f4f8cce5e05e6796287988677f-1277707613)
VT 3/40 (7.5%)
Code: [Select]
hxxp://uk-microsoft.com/aaaa/11g.php
Title: Re: New files for Zeus servers
Post by: jackberri on June 29, 2010, 08:56:35 am
Code: [Select]
hxxp://ceters.net/dddddddddd10.exe
md5sum ===> 15d53ba3255c75d2ccaca6e0b79e20ce
SHA256 ===>  e46fc73a645de6dec5a08da40196eae2db141a5f86ba7cdbf484d5ee7bd6d08e
http://www.virustotal.com/es/analisis/e46fc73a645de6dec5a08da40196eae2db141a5f86ba7cdbf484d5ee7bd6d08e-1277801571 (http://www.virustotal.com/es/analisis/e46fc73a645de6dec5a08da40196eae2db141a5f86ba7cdbf484d5ee7bd6d08e-1277801571)
VT 16/41 (39.03%)
Title: Re: New files for Zeus servers
Post by: jackberri on June 29, 2010, 03:30:06 pm
Code: [Select]
hxxp://ootaivilei.ru/bin/saejuogi.bin
md5sum ===> 4e21d41a60a0719429bcac67af65bdac
SHA256 ===>  e462a06e8676140df372397cc0cb1d9fcbc32b1e5fffa616dbc027faae5dc885
Code: [Select]
hxxp://ootaivilei.ru/bin/eegotook.bin
md5sum ===> 1ea88c9252f5ba79e11746c546b07ad3
SHA256 ===>  5b7e0834dcf2a006eadd6a60fd89157a3a8f6102633452ffef92b713470d2490
Code: [Select]
hxxp://ootaivilei.ru/bin/saejuogi.exe
md5sum ===> 067066b17486d73e6f2572eb79b1391c
SHA256 ===>  fa968ce80cfd8f577aebcbc9780624868504979a5de72339be54a01ef5e81586
http://www.virustotal.com/es/analisis/fa968ce80cfd8f577aebcbc9780624868504979a5de72339be54a01ef5e81586-1277818580 (http://www.virustotal.com/es/analisis/fa968ce80cfd8f577aebcbc9780624868504979a5de72339be54a01ef5e81586-1277818580)
VT 17/41 (41.47%)
Code: [Select]
hxxp://ootaivilei.ru/bin/eegotook.exe
md5sum ===> a86678a1bac1dcb5b0cfd2cf61f259f0
SHA256 ===>  c55fe44725f6ae79a925ecf9322dadbdd6a474c6ee1d57c5ed05eaf557446906
http://www.virustotal.com/es/analisis/c55fe44725f6ae79a925ecf9322dadbdd6a474c6ee1d57c5ed05eaf557446906-1277819443 (http://www.virustotal.com/es/analisis/c55fe44725f6ae79a925ecf9322dadbdd6a474c6ee1d57c5ed05eaf557446906-1277819443)
VT 16/39 (41.03%)
dropzones:
Code: [Select]
hxxp://iesahnaepi.ru/y93/_gate.php
hxxp://iesahnaepi.ru/k1o/_gate.php
Title: Re: New files for Zeus servers
Post by: jackberri on July 02, 2010, 03:05:56 pm
Code: [Select]
hxxp://ceters.net/ggggggg5.exe
md5sum ===> 303528095aa6ccb665c3137036117402
SHA256 ===>  3901318352f9bc11a83ab5213501cb3bec19b1e6eaaeb913b511ee893552230a
http://www.virustotal.com/es/analisis/3901318352f9bc11a83ab5213501cb3bec19b1e6eaaeb913b511ee893552230a-1278082004 (http://www.virustotal.com/es/analisis/3901318352f9bc11a83ab5213501cb3bec19b1e6eaaeb913b511ee893552230a-1278082004)
VT 14/41 (34.15%)

other malware:
downloader:
Code: [Select]
hxxp://ceterx.com/new/js/backoffstoplying.js
md5sum ===> fca29c7406083a952535d57c197b75d4
SHA256 ===>  2d16dc0c50498dfbf0bc309acea8361c3401c50d05a4bdb831f50d0b80685343
http://www.virustotal.com/es/analisis/2d16dc0c50498dfbf0bc309acea8361c3401c50d05a4bdb831f50d0b80685343-1278082311 (http://www.virustotal.com/es/analisis/2d16dc0c50498dfbf0bc309acea8361c3401c50d05a4bdb831f50d0b80685343-1278082311)
VT 3/41 (7.32%)
http://wepawet.iseclab.org/view.php?hash=724e2a01bb21e4c4f43c573d484dba8e&t=1278082704&type=js (http://wepawet.iseclab.org/view.php?hash=724e2a01bb21e4c4f43c573d484dba8e&t=1278082704&type=js)

Trojan Bancos:
IP Location:  Russian Federation - COMSTAR -Direct global network CJSC COMSTAR-Direct 
IP 82.204.219.224
[ftp.front.ru]
AS8359
Code: [Select]
hxxp://modlus2.front.ru/hot.jpg
md5sum ===> be65a65a747eb778994c4617cc5acbc3
SHA256 ===>  fe9f0c9d8825cf1c0f59a90aa2c3ff18bfd11833fdce2409770490d5b61916bc
http://www.virustotal.com/es/analisis/fe9f0c9d8825cf1c0f59a90aa2c3ff18bfd11833fdce2409770490d5b61916bc-1278065960 (http://www.virustotal.com/es/analisis/fe9f0c9d8825cf1c0f59a90aa2c3ff18bfd11833fdce2409770490d5b61916bc-1278065960)
VT 9/41 (21.96%)

Trojan:
IP Location:  China - Proxy-registered route object - CHINA-TELECOM
IP 122.226.213.143
AS4134
Registrant/Registrant Email: chenzhi/284734@qq.com
Code: [Select]
hxxp://js.222233.com/PPlive.js
md5sum ===> 4a3045f0d1260224ddb16ffff98d2d33
SHA256 ===>  49f54cf8c0df1d4807ed585bf6bc1e45a3e6f12a01c169ddffdf55a8aba98c7c
http://www.virustotal.com/es/analisis/49f54cf8c0df1d4807ed585bf6bc1e45a3e6f12a01c169ddffdf55a8aba98c7c-1278025104 (http://www.virustotal.com/es/analisis/49f54cf8c0df1d4807ed585bf6bc1e45a3e6f12a01c169ddffdf55a8aba98c7c-1278025104)
VT 18/39 (46.16%)
Title: Re: New files for Zeus servers
Post by: jackberri on July 03, 2010, 12:25:13 pm
Code: [Select]
hxxp://railuhocal.ru/bin/oovaenai.bin
md5sum ===> 2f7bfd790ec437f67b53b660a6683f1a
SHA256 ===>  4a734a2591b9f775afea198984cf304101c110240f3deb0e1422ad374ea3b093
Code: [Select]
hxxp://railuhocal.ru/bin/oovaenai.exe
md5sum ===> 2a6e5b95ed946c22aa1949607812c9ff
SHA256 ===>  f871382769093e244c0fef47100d525ac37e195dbb2421d6520de0a4d713740d
http://www.virustotal.com/es/analisis/f871382769093e244c0fef47100d525ac37e195dbb2421d6520de0a4d713740d-1278156985 (http://www.virustotal.com/es/analisis/f871382769093e244c0fef47100d525ac37e195dbb2421d6520de0a4d713740d-1278156985)
VT 19/41 (46.35%)

Code: [Select]
hxxp://dahzunaeye.ru/bin/oovaenai.bin
md5sum ===> 2f7bfd790ec437f67b53b660a6683f1a
SHA256 ===>  4a734a2591b9f775afea198984cf304101c110240f3deb0e1422ad374ea3b093
Code: [Select]
hxxp://dahzunaeye.ru/bin/oovaenai.exe
md5sum ===> 2a6e5b95ed946c22aa1949607812c9ff
SHA256 ===>  f871382769093e244c0fef47100d525ac37e195dbb2421d6520de0a4d713740d
http://www.virustotal.com/es/analisis/f871382769093e244c0fef47100d525ac37e195dbb2421d6520de0a4d713740d-1278156985 (http://www.virustotal.com/es/analisis/f871382769093e244c0fef47100d525ac37e195dbb2421d6520de0a4d713740d-1278156985)
VT 19/41 (46.35%)
Title: Re: New files for Zeus servers
Post by: jackberri on July 07, 2010, 12:39:00 pm
Code: [Select]
hxxp://iesahnaepi.ru/bin/eegotook.bin
md5sum ===> 85326512e227ec059a7fad3644431645
SHA256 ===>  89b5dd861cdd9e2a521be094f06380faae680294fa7c42b828ddd3cf019f4044
Code: [Select]
hxxp://iesahnaepi.ru/bin/eegotook.exe
md5sum ===> 30bdeaf4afee29585bd1ecb867399ec9
SHA256 ===>  4eb5510acc6608ab0ee93780a245793a4055b8df600f6f2fdb88deffcce93ae1
http://www.virustotal.com/es/analisis/4eb5510acc6608ab0ee93780a245793a4055b8df600f6f2fdb88deffcce93ae1-1278319106 (http://www.virustotal.com/es/analisis/4eb5510acc6608ab0ee93780a245793a4055b8df600f6f2fdb88deffcce93ae1-1278319106)
VT 28/41 (68.3%)

Code: [Select]
hxxp://dahzunaeye.ru/bin/teemaeko.bin
md5sum ===> 9415787c8dbf5c16d63f3d391e8e0888
SHA256 ===>  fe4d3da5055f304cfccdcb7d09570a0770e172e5385fd09044fda0a5e9ce6776
Code: [Select]
hxxp://dahzunaeye.ru/bin/teemaeko.exe
md5sum ===> e56ee64fc88aeace6472ff4bad5268ae
SHA256 ===>  3964067c54b4f8a7242f9af2f59aecc826f6c38b55eab99b8a7c4e0fa03959ad
http://www.virustotal.com/es/analisis/3964067c54b4f8a7242f9af2f59aecc826f6c38b55eab99b8a7c4e0fa03959ad-1278319188 (http://www.virustotal.com/es/analisis/3964067c54b4f8a7242f9af2f59aecc826f6c38b55eab99b8a7c4e0fa03959ad-1278319188)
VT 28/41 (68.3%)

Code: [Select]
hxxp://91.194.0.21/FIFA2010_spm.bin
md5sum ===> 926d6c49b10ec9e11c18e1db9b59cc62
SHA256 ===>  8a3068b3fb93ef08b859234b79e7f7a367bf9c00618d8c2764b3183cace45029

Code: [Select]
hxxp://hikmesanbukais.com/gh/ul.exe
md5sum ===> 4eb030bf55e707e17efa721f67b44325
SHA256 ===>  37299806100faee7ccf45335cefc5d3d79838a082eb77b381300e263c71dae2d
http://www.virustotal.com/es/analisis/37299806100faee7ccf45335cefc5d3d79838a082eb77b381300e263c71dae2d-1278395067 (http://www.virustotal.com/es/analisis/37299806100faee7ccf45335cefc5d3d79838a082eb77b381300e263c71dae2d-1278395067)
VT 11/41 (26.83%)
Title: Re: New files for Zeus servers
Post by: jackberri on July 10, 2010, 08:49:28 am
related zeusbotnet malware:
IP Location: Russian Federation - VHost route - VolgaHost-as PE Bondarenko Dmitriy Vladimirovich
IP 91.213.174.68
AS29106
Registrant/Registrant Email: Addel Lois/admin@goodndservice.net
Code: [Select]
hxxp://winupdatedll.com/cp/tasksz.php?dc
redir to:
Code: [Select]
hxxp://winupdatedll.com/cp/l/28/593a424d4448c85a0bdd1eb972f7d25b/68b45a268fd8730d070f97bf823013a0
downloads ===> 1.exe
md5sum ===> c7038a0972d045cba908fac6c2052211
SHA256 ===>  7ad893c44bda9ded0ed6d3b1dfcd998cf3da0126d9711d28f43c4cafae7c95c0
http://www.virustotal.com/es/analisis/7ad893c44bda9ded0ed6d3b1dfcd998cf3da0126d9711d28f43c4cafae7c95c0-1278750179 (http://www.virustotal.com/es/analisis/7ad893c44bda9ded0ed6d3b1dfcd998cf3da0126d9711d28f43c4cafae7c95c0-1278750179)
VT 8/40 (20%)

related:
Code: [Select]
hxxp://yandexsecurity.com/grabber.pcp
Code: [Select]
hxxp://googlewinads.com
Title: Re: New files for Zeus servers
Post by: jackberri on July 11, 2010, 03:00:09 pm
Code: [Select]
hxxp://esvr1.ru/bin/pooveogh.bin
md5sum ===> c10746cfbe6732910be88b877eeeacdf
SHA256 ===>  486113f361021883bebcd5328480b474dfff86c288dfd10f686337d31c965456
Code: [Select]
hxxp://esvr1.ru/bin/pooveogh.exe
md5sum ===> 980498513ea849acaf6d75ef0803ddab
SHA256 ===>  b9214bc3c3c9da9968585a0d3ec030ebbc69bfcc092c12288086167c228dfb12
http://www.virustotal.com/es/analisis/b9214bc3c3c9da9968585a0d3ec030ebbc69bfcc092c12288086167c228dfb12-1278784528 (http://www.virustotal.com/es/analisis/b9214bc3c3c9da9968585a0d3ec030ebbc69bfcc092c12288086167c228dfb12-1278784528)
VT 37/41 (90.25%)

related zeusbotnet malware:
IP Location: United Kingdom  - Telos route object - Telos-Solutions-AS
IP 91.212.127.40
AS49087
Registrant/Registrant Email: Oleg V Feodosov/ol.feodosoff@yandex.ru
Code: [Select]
hxxp://musiceng.ru/files/.upl10/n79c.exe
md5sum ===> fdbd5f3c37f8b21eabf726a301573d0b
SHA256 ===>  e1759bf3bd26236898b785449b15c92150c9781f2414aca0f818ac53442e5b0b
http://www.virustotal.com/es/analisis/e1759bf3bd26236898b785449b15c92150c9781f2414aca0f818ac53442e5b0b-1278859390 (http://www.virustotal.com/es/analisis/e1759bf3bd26236898b785449b15c92150c9781f2414aca0f818ac53442e5b0b-1278859390)
VT 18/41 (43.91%)
Title: Re: New files for Zeus servers
Post by: jackberri on July 11, 2010, 05:54:29 pm
Code: [Select]
hxxp://ceters.net/eeeeeeee9.exe
md5sum ===> 3f65f39e30a4fb4b0bcf14c967810c54
SHA256 ===>  0c83698866b52db4fd012e0b6b21c46eac1e60be97ae05b90467c8dc2c2841f4
http://www.virustotal.com/es/analisis/0c83698866b52db4fd012e0b6b21c46eac1e60be97ae05b90467c8dc2c2841f4-1278866110 (http://www.virustotal.com/es/analisis/0c83698866b52db4fd012e0b6b21c46eac1e60be97ae05b90467c8dc2c2841f4-1278866110)
VT 12/41 (29.27%)
Title: Re: New files for Zeus servers
Post by: jackberri on July 12, 2010, 07:06:43 pm
New IP
IP Location: Russian Federation - Wahome IP's - WEBALTA-AS OAO
IP 92.241.190.170
[heihachi.net]
AS41947
Registrant/Registrant Email: Aleksandr V Slabkov/slabkov@intimatefire.com
Code: [Select]
hxxp://lightobmen.ru/robo/gate.php
Title: Re: New files for Zeus servers
Post by: jackberri on July 14, 2010, 08:45:56 am
Code: [Select]
hxxp://113.11.194.175/uk/win7.exe
md5sum ===> 34785719f9f106ea4183e081a1497cb7
SHA256 ===>  0e5c5094a6ce984463f30f2fc37dd183231eb2a9a97249b7e98df50d05dbc36c
http://www.virustotal.com/es/analisis/0e5c5094a6ce984463f30f2fc37dd183231eb2a9a97249b7e98df50d05dbc36c-1279096874 (http://www.virustotal.com/es/analisis/0e5c5094a6ce984463f30f2fc37dd183231eb2a9a97249b7e98df50d05dbc36c-1279096874)
VT 1/42 (2.39%)
Code: [Select]
hxxp://113.11.194.175/us/usow.exe
md5sum ===> 8603e529ee23ac7e1213d5b5e14c66d7
SHA256 ===>  0b6011098e5880f310ffa69dc7eef1f5a426ce185ae8bfd495013311f74a46c0
http://www.virustotal.com/es/analisis/0b6011098e5880f310ffa69dc7eef1f5a426ce185ae8bfd495013311f74a46c0-1279096600 (http://www.virustotal.com/es/analisis/0b6011098e5880f310ffa69dc7eef1f5a426ce185ae8bfd495013311f74a46c0-1279096600)
VT 9/42 (21.43%)
Title: Re: New files for Zeus servers
Post by: jackberri on July 14, 2010, 06:54:54 pm
Code: [Select]
hxxp://railuhocal.ru/bin/thaigogo.bin
md5sum ===> ac55f3292c00346666fb3f401cbc1f97
SHA256 ===>  631e5d17ad0d437a506f26589e74bf4077e4b0934da2d4e290f81500be3152cd
Code: [Select]
hxxp://railuhocal.ru/bin/thaigogo.exe
md5sum ===> b667d75f5bb9f23a8ae249f7de4000a5
SHA256 ===>  5f732cf733a052d2bba3a360e7a7994bb3ccdd76aa036b5f6777ab78164d0037
http://www.virustotal.com/es/analisis/5f732cf733a052d2bba3a360e7a7994bb3ccdd76aa036b5f6777ab78164d0037-1279133102 (http://www.virustotal.com/es/analisis/5f732cf733a052d2bba3a360e7a7994bb3ccdd76aa036b5f6777ab78164d0037-1279133102)
VT 15/42 (35.72%)
Title: Re: New files for Zeus servers
Post by: jackberri on July 16, 2010, 09:26:00 am
Code: [Select]
hxxp://deltalloydbusinesscourse.nl/ban00.jpg
md5sum ===> a9864591fc381a554c570e5ad6084866
SHA256 ===>  9e18ffbd762e6a102d6f06ca5b20bd9c2ffc10bb3bcc565a47eee048319b75fb
http://www.virustotal.com/es/analisis/9e18ffbd762e6a102d6f06ca5b20bd9c2ffc10bb3bcc565a47eee048319b75fb-1279262244 (http://www.virustotal.com/es/analisis/9e18ffbd762e6a102d6f06ca5b20bd9c2ffc10bb3bcc565a47eee048319b75fb-1279262244)
VT 11/42 (26.2%)
related:
Code: [Select]
hxxp://visvrienden.nl/wp-includes/images/banner.gif
related (already listed):
Code: [Select]
http://www.listwowgame.com/webstate/webstat.php
Title: Re: New files for Zeus servers
Post by: jackberri on July 25, 2010, 05:38:03 pm
IP Location: Vietnam - QTSC-AS-VN Quang Trung Software
IP 202.78.227.112
AS24085
Registrant/Registrant Email: Alexey Rastov/moons@qx8.ru
Code: [Select]
hxxp://jsonphp.net/x48x58/nsh.jpg
md5sum ===> 309f5e0484562faf95b13fb8428fdb40
Title: Re: New files for Zeus servers
Post by: jackberri on July 26, 2010, 04:38:04 pm
Code: [Select]
hxxp://untitled-themovie.com/baner.jpg
md5sum ===> 7b9cf8d10c1081ce482239e00ec82066
http://www.virustotal.com/es/analisis/5522865b6640101c167e612763901761619c24458dd5ce6e591d86ca8cbcf736-1280149448 (http://www.virustotal.com/es/analisis/5522865b6640101c167e612763901761619c24458dd5ce6e591d86ca8cbcf736-1280149448)
VT 36/42 (85.72%)
related (already listed):
Code: [Select]
hxxp://www.pifa.se/banner.gif
Code: [Select]
hxxp://jeffs-koreskole.dk/baner.jpg
md5sum ===> 810f7046d9e29831d8f05b0e7bb39575
http://www.virustotal.com/es/analisis/280536705de5e7590a1fb80f38a1f604e067167978bdad4614ff9c3f93a5b9e3-1280150402 (http://www.virustotal.com/es/analisis/280536705de5e7590a1fb80f38a1f604e067167978bdad4614ff9c3f93a5b9e3-1280150402)
VT 17/42 (40.48%)
related (already listed):
Code: [Select]
hxxp://www.pifa.se/banner.gif
IP Location: United States - ThePlanet.com Internet Services, Inc. - THEPLANET-AS2
IP 174.120.243.92
[5c.f3.78ae.static.theplanet.com]
AS21844
Registrant/Registrant Email: Derrick Walker/support@hostgator.com
Code: [Select]
hxxp://nickiminajbuttexsposed.com/system/cache/cmd.exe
md5sum ===> b70014b789ce309619505e83c424a641
http://www.virustotal.com/es/analisis/12ea5ae8937fde8e57451867c6e88beaca75518340e76bc7fc802f09409759d9-1280160523 (http://www.virustotal.com/es/analisis/12ea5ae8937fde8e57451867c6e88beaca75518340e76bc7fc802f09409759d9-1280160523)
VT 24/42 (57.15%)
related (already listed):
Code: [Select]
hxxp://regflinbullst.net/mas/cfg.bin
Title: Re: New files for Zeus servers
Post by: jackberri on July 29, 2010, 09:41:39 am
Code: [Select]
hxxp://solaruploaderz.com/eeeee100.exe
md5sum ===> 7e3f2d17c8d4f0d84eb1b1d87c59ad7b
http://www.virustotal.com/es/analisis/3efaaae3080b26814d7e4c928e27932a066d238d59c9200ccdc5f14fac1faf99-1280396101 (http://www.virustotal.com/es/analisis/3efaaae3080b26814d7e4c928e27932a066d238d59c9200ccdc5f14fac1faf99-1280396101)
VT 17/40 (42.5%)
Title: Re: New files for Zeus servers
Post by: jackberri on July 30, 2010, 09:12:29 am
Code: [Select]
hxxp://jocudaidie.ru/bin/aimeenei.bin
md5sum ===> c57be44ee5c13692798df96123913c51
Code: [Select]
hxxp://jocudaidie.ru/bin/aimeenei.exe
md5sum ===> 096b7e8c4f611f0eb69cfb776f3a0e7e
http://www.virustotal.com/es/analisis/077ad77f77e4e2987633a0c78f8a54e664e9ecaacfa37128c0631326182c571f-1280427248 (http://www.virustotal.com/es/analisis/077ad77f77e4e2987633a0c78f8a54e664e9ecaacfa37128c0631326182c571f-1280427248)
VT 35/42 (83.34%)


Code: [Select]
hxxp://freshspark.net/kolrew/main.exe
md5sum ===> 92edb6a4d0d9cee756029280fd3d32a4
http://www.virustotal.com/es/analisis/fe78141db033a2c7a154f25927e3f67c06d83dd5665b79a460f9e7725ca885fe-1280442196 (http://www.virustotal.com/es/analisis/fe78141db033a2c7a154f25927e3f67c06d83dd5665b79a460f9e7725ca885fe-1280442196)
VT 12/42 (28.58%)
Title: Re: New files for Zeus servers
Post by: jackberri on July 30, 2010, 10:27:15 pm
Code: [Select]
hxxp://krassoffki.com/jop/notlove.doc
md5sum ===> 96cb4f8d3ca3c144c454a52826d4e254
Code: [Select]
hxxp://krassoffki.com/jop/ntlv.exe
md5sum ===> 32b95b2f0b6fbf0f5647da2642a66653
http://www.virustotal.com/es/analisis/3c659eb0aef6e3e3df71f073f988d69884736781079ace722f7e0447fd552594-1280507531 (http://www.virustotal.com/es/analisis/3c659eb0aef6e3e3df71f073f988d69884736781079ace722f7e0447fd552594-1280507531)
VT 37/41 (90.25%)
Title: Re: New files for Zeus servers
Post by: jackberri on August 01, 2010, 07:35:43 pm
Code: [Select]
hxxp://info-news.name/d3.so
md5sum ===> 608c99c457a783560656f36445bf4701
Title: Re: New files for Zeus servers
Post by: jackberri on August 02, 2010, 10:47:10 am
Code: [Select]
hxxp://drtyyyt.ru/zeustracker.abuse.ch/cgi-bin/rapport.exe
md5sum ===> 5d560bc5032b7d9d3a7dc4072c50c353
http://www.virustotal.com/es/analisis/b56c1d0cac3aa6c6f45c594065d0b2f0934ab03caae7f057d878b9085d287ee1-1280742082 (http://www.virustotal.com/es/analisis/b56c1d0cac3aa6c6f45c594065d0b2f0934ab03caae7f057d878b9085d287ee1-1280742082)
VT 22/42 (52.39%)

Code: [Select]
hxxp://solaruploaderz.com/eeeee1000.exe
md5sum ===> ef6d812af42f6d289104b27f6d581137
http://www.virustotal.com/es/analisis/fd51869ae7eacd180b4829232a67c4ae456ff02d6c58770275e58633a4c5f886-1280727495 (http://www.virustotal.com/es/analisis/fd51869ae7eacd180b4829232a67c4ae456ff02d6c58770275e58633a4c5f886-1280727495)
VT 11/42 (26.2%)

IP Location: China - ETFIBER-AS Broadhand IP Network based DWDM
IP 61.28.22.201
AS17490
Registrant/Registrant Email: Alexey Rastov/moons@qx8.ru
Code: [Select]
hxxp://jsonphp.net/437y342/old.jpg
md5sum ===> b1927be4f347faea6eb56a6b98504d54
Code: [Select]
hxxp://jsonphp.net/437y342/kuku.php
IP Location: United States - RoadRunner RR-RC-Wholesale Internet, Inc
IP 204.12.242.213
AS32097
Registrant/Registrant Email: Polina Kuznetsova/flab@bigmailbox.ru
Code: [Select]
hxxp://salx.cc/373.cpm
md5sum ===> c3a3bbfc146d9d782333dcb1569d7c65
Title: Re: New files for Zeus servers
Post by: jackberri on September 03, 2010, 09:37:00 am
Code: [Select]
hxxp://113.11.194.167/us27/usdase.db
md5sum ===> e4e5122f88d8d46cfe29cb592c107952
Title: Re: New files for Zeus servers
Post by: jackberri on September 03, 2010, 12:29:47 pm
IP Location: China - CNC Group CHINA - China-Network-Communications-Group
IP 221.10.252.223
AS4837
Registrant/Registrant Email: THOMAS CLEARY/centers@email.com
Code: [Select]
hxxp://mikkymouse.com/x8000_1/100.jpg
md5sum ===> fa143e123423969541fa3f22414e3f8a
Code: [Select]
hxxp://tjkleen.net/iklo/rapp.exe
hxxp://mikkymouse.com/iklo/rapp.exe
md5sum ===> 0e55e09567011cd910453bfbd6716d45
http://www.virustotal.com/file-scan/report.html?id=7416638c5aed7a413fa6b519f27555bb1af91731ba710ea10b095d8d64575d2a-1283508584 (http://www.virustotal.com/file-scan/report.html?id=7416638c5aed7a413fa6b519f27555bb1af91731ba710ea10b095d8d64575d2a-1283508584)
VT 9/43 (20.9%)
Code: [Select]
hxxp://mikkymouse.com/x8000_1/2923478234.php

Code: [Select]
hxxp://216.235.69.81:8080/images/bot.bin
md5sum ===> d1c083c8eafd6cdf2b44b9866232615
Title: Re: New files for Zeus servers
Post by: jackberri on September 04, 2010, 07:10:59 pm
Code: [Select]
hxxp://sefergtrserfv.ru/php/cfg001.bin
md5sum ===> c9c196d3cc1a7f1f457b615cd9204cd5
Code: [Select]
hxxp://sefergtrserfv.ru/php/001.exe
md5sum ===> 764e7090798b21ae8056d67dd7f4f152
http://www.virustotal.com/file-scan/report.html?id=c028af51bbdfae9d556b0c4a46e4ac20192de11d28b029e57e46bc2b30d8617d-1283626966 (http://www.virustotal.com/file-scan/report.html?id=c028af51bbdfae9d556b0c4a46e4ac20192de11d28b029e57e46bc2b30d8617d-1283626966)
VT 19/43 (44.2%)
Title: Re: New files for Zeus servers
Post by: jackberri on September 05, 2010, 12:25:04 pm
Code: [Select]
hxxp://zsbiznet.in/php/cfg003.bin
md5sum ===> d49fe52a6ff10a27a169b1e93c46642b
Code: [Select]
hxxp://zsbiznet.in/php/003.exe
md5sum ===> 85234abd728bdb8a3876035b1378c400
https://www.virustotal.com/file-scan/report.html?id=0bdc9245dbd80ff5a5e81f34120f10c3ecc7f5e061928fdb94d0f56877986a7c-1283689138 (https://www.virustotal.com/file-scan/report.html?id=0bdc9245dbd80ff5a5e81f34120f10c3ecc7f5e061928fdb94d0f56877986a7c-1283689138)
VT 20/42 (47.6%)
Title: Re: New files for Zeus servers
Post by: jackberri on September 08, 2010, 08:17:33 am
related (already listed):
Code: [Select]
hxxp://stolimonov.ru/
IP Location: United States - Dimenoc - Florida - DIMENOC-HOSTDIME
IP 66.7.193.212
[sh136.surpasshosting.com]
AS33182
Registrant ID:CR46903290
Registrant/Registrant Email: Rachael Toaduff/admin@richard-kahan.com
Code: [Select]
hxxp://cashmultipliersystem.info/wp-agressive.exe
md5sum ===> 5948d3729ffd3a422d43d02192e13f00
http://www.virustotal.com/file-scan/report.html?id=f090f334fc7ef4b0aac34d1b66be6126f111b153be6ca52c233458e353f8f75c-1283861511 (http://www.virustotal.com/file-scan/report.html?id=f090f334fc7ef4b0aac34d1b66be6126f111b153be6ca52c233458e353f8f75c-1283861511)
VT 29/43 (67.4%)
Title: Re: New files for Zeus servers
Post by: jackberri on September 09, 2010, 07:34:22 am
Code: [Select]
hxxp://nfruhskhfts.com/bs/nal.bin
md5sum ===> ba4473fbc746720570694a0c41b3d400

Code: [Select]
hxxp://leadingcase.cc/20aug_test.cpm
md5sum ===> 71a738533dc5d56f1df6083b56b03735
Code: [Select]
hxxp://leadingcase.cc/20aug_dmit.cpm
md5sum ===> ab2e04e4b7a85c565dbcd8ad1dd60b22

Code: [Select]
hxxp://gizmatool.net/pr/server/config.bin
md5sum ===> 56fa3ab6ebbf19d26b980d35a969e609
Code: [Select]
hxxp://gizmatool.net/pr/server/lob/bot.exe
md5sum ===> 5f864d3d26dde99ec21ed63fb095e6c9
http://www.virustotal.com/file-scan/report.html?id=63074663d06ed1f76803eadcfca15949142df41e286875c5c45411906468b495-1284017050 (http://www.virustotal.com/file-scan/report.html?id=63074663d06ed1f76803eadcfca15949142df41e286875c5c45411906468b495-1284017050)
VT 10/43 (23.3%)
Code: [Select]
hxxp://gizmatool.net/server/lob/bot.exe
md5sum ===> 2c8886b28da493e2faaffbb17622c7e5
http://www.virustotal.com/file-scan/report.html?id=f1edd1f5e2ee3ef288598a64e34ceede39b5f7ed97c0f448f2a1ac238768ea97-1284017345 (http://www.virustotal.com/file-scan/report.html?id=f1edd1f5e2ee3ef288598a64e34ceede39b5f7ed97c0f448f2a1ac238768ea97-1284017345)
VT 27/43 (62.8%)
Code: [Select]
hxxp://gizmatool.net/pr/server/gate.php
Title: Re: New files for Zeus servers
Post by: jackberri on September 11, 2010, 07:26:40 pm
Code: [Select]
hxxp://tsd1online.com/f_32thg2ihfloeil/yif3hj373959fd/up3/mxconfig.bin
md5sum ===> 42617556c91fed70460550bb9ce44a52
Code: [Select]
hxxp://tsd1online.com/f_32thg2ihfloeil/yif3hj373959fd/up3/bot_upp3_124.exe
md5sum ===> 6e55898aae6ac1a9fb23c1d8046d77d1
http://www.virustotal.com/file-scan/report.html?id=93c2cbd76ae75e5be64eee7011e746f12c54cdd24abbe98af29c9de6c8a3b410-1284232954 (http://www.virustotal.com/file-scan/report.html?id=93c2cbd76ae75e5be64eee7011e746f12c54cdd24abbe98af29c9de6c8a3b410-1284232954)
VT 20/43 (46.5%)
Code: [Select]
hxxp://tsd1online.com/f_32thg2ihfloeil/yif3hj373959fd/gate_38g72fugh32ufi.php
Code: [Select]
hxxp://leadingcase.cc/20aug_pacif.cpm
md5sum ===> a62b682f1b3d5eae9fceb7c136359c93
Title: Re: New files for Zeus servers
Post by: jackberri on September 12, 2010, 11:36:34 am
New md5sum for:

Code: [Select]
hxxp://458928409.com/eu5.exe
md5sum ===> 8fccf5b8b9d515aed91863db32975156
http://www.virustotal.com/file-scan/report.html?id=77b4b3307c9e6fbb7f6d431220d7a4190b75c917c08170fd2f4934da40af402d-1284291047 (http://www.virustotal.com/file-scan/report.html?id=77b4b3307c9e6fbb7f6d431220d7a4190b75c917c08170fd2f4934da40af402d-1284291047)
VT 8/42 (19.0%)

Code: [Select]
hxxp://inkognittto.ru/wireshark/wireshark.exe
md5sum ===> 145682e946d84e99ab320191914f9281
http://www.virustotal.com/file-scan/report.html?id=77b4b3307c9e6fbb7f6d431220d7a4190b75c917c08170fd2f4934da40af402d-1284291047 (http://www.virustotal.com/file-scan/report.html?id=77b4b3307c9e6fbb7f6d431220d7a4190b75c917c08170fd2f4934da40af402d-1284291047)
VT 11/43 (25.6%)
Title: Re: New files for Zeus servers
Post by: jackberri on September 17, 2010, 03:10:27 pm
Code: [Select]
hxxp://veveto.net/Z/files/anti.exe
md5sum ===> 3ae3c6b372f8435be0a19b0c4fd0ee2b
http://www.virustotal.com/file-scan/report.html?id=036895a5815c43532e29c8866366fb18f8e66ced9fa75c9e33b7958e6974343b-1284713322 (http://www.virustotal.com/file-scan/report.html?id=036895a5815c43532e29c8866366fb18f8e66ced9fa75c9e33b7958e6974343b-1284713322)
VT 8/43 (18.6%)
Title: Re: New files for Zeus servers
Post by: jackberri on September 18, 2010, 04:32:32 pm
Code: [Select]
hxxp://tisheedesh.com/newz/pizza.img
md5sum ===> cb431efe6e24f540ce17ceab1f448369

Code: [Select]
hxxp://94.102.51.38/koster/1.exe
md5sum ===> 57ac5d08e61d1a1bb48b2dee9b1986c6
http://www.virustotal.com/file-scan/report.html?id=8767ed77b8dc95cdae010d2241385c0e4ae376796024822eae41653a0f76ceab-1284827061 (http://www.virustotal.com/file-scan/report.html?id=8767ed77b8dc95cdae010d2241385c0e4ae376796024822eae41653a0f76ceab-1284827061)
VT 8/41 (19.5%)

Code: [Select]
hxxp://94.102.51.38/faner/sas.exe
md5sum ===> 84ae52e1f43e16cb2fcafaed3e5baef3
http://www.virustotal.com/file-scan/report.html?id=87d184e9a44e628e217d89b91edff75474e0f682a68a26ac9d6ab650b7249d12-1284827054 (http://www.virustotal.com/file-scan/report.html?id=87d184e9a44e628e217d89b91edff75474e0f682a68a26ac9d6ab650b7249d12-1284827054)
VT 3/43 (7.0%)
related (already listed):
Code: [Select]
hxxp://nfruhskhfts.com/bs/nal.bin
Title: Re: New files for Zeus servers
Post by: jackberri on September 21, 2010, 12:37:05 pm
Code: [Select]
hxxp://94.102.51.38/megapower/sas.exe
md5sum ===> 17fc2ab1c102ba1b6518dafe6614a9e3
http://www.virustotal.com/file-scan/report.html?id=ca1baea714db23b05c0acba0cdbe2ec217e31b95c16519bfd8ac5cc55f994b87-1285072298 (http://www.virustotal.com/file-scan/report.html?id=ca1baea714db23b05c0acba0cdbe2ec217e31b95c16519bfd8ac5cc55f994b87-1285072298)
VT 8/43 (18.6%)
related (already listed):
Code: [Select]
hxxp://nfruhskhfts.com/bs/nal.bin
Title: Re: New files for Zeus servers
Post by: jackberri on September 30, 2010, 12:48:44 pm
Code: [Select]
hxxp://miraxgroupmirax.com/170.exe
md5sum ===> a0268fcda0aca6dd6eaed0a15ca9198f
http://www.virustotal.com/file-scan/report.html?id=b021181b662cd3ec9e9b493af99cae35538bb844f534089b0a6800710d5cf47d-1285850666 (http://www.virustotal.com/file-scan/report.html?id=b021181b662cd3ec9e9b493af99cae35538bb844f534089b0a6800710d5cf47d-1285850666)
VT 14/43 (32.6%)
Title: Re: New files for Zeus servers
Post by: jackberri on October 01, 2010, 03:37:08 am
Code: [Select]
hxxp://tsd1online.com/f_32thg2ihfloeil/yif3hj373959fd/up2/bot_upp2_202.exe
md5sum ===> a519da272069033106fddee4bda48c18
http://www.virustotal.com/file-scan/report.html?id=ddacf6117e516aee77ea6e51991dc3504f760300bf85049ee798e2de1ccad966-1285899447 (http://www.virustotal.com/file-scan/report.html?id=ddacf6117e516aee77ea6e51991dc3504f760300bf85049ee798e2de1ccad966-1285899447)
VT 22/40 (55.0%)
Title: Re: New files for Zeus servers
Post by: jackberri on October 02, 2010, 09:02:56 am
Code: [Select]
hxxp://ohmaebahsh.ru/bin/jaizeepo.bin
md5sum ===> cf5f028a3f64945b1fe234c74917d361
Code: [Select]
hxxp://ohmaebahsh.ru/xe1koo/_gate.php
Title: Re: New files for Zeus servers
Post by: jackberri on October 03, 2010, 08:24:43 pm
Code: [Select]
hxxp://peeeeee.ru/udp/history/udp.stat
md5sum ===> ffbf906c6ce96f5841ac35ebc1e0ef1b
Code: [Select]
hxxp://peeeeee.ru/udp/history/udp.exe
md5sum ===> 2c74a4bf2d50cfd007df94a44a447235
http://www.virustotal.com/file-scan/report.html?id=bb536c72566c72779b4ffc3c9c41821a02261da6377ac887be0aa98b3ee8bb94-1286137205 (http://www.virustotal.com/file-scan/report.html?id=bb536c72566c72779b4ffc3c9c41821a02261da6377ac887be0aa98b3ee8bb94-1286137205)
VT 1/43 (2.3%)
Code: [Select]
hxxp://peeeeee.ru/udp/history/history.php
Title: Re: New files for Zeus servers
Post by: jackberri on October 04, 2010, 02:24:48 pm
Code: [Select]
hxxp://dzenhottoo.cc/20aug_old.cpm
md5sum ===> 9606cee402f8b890e0f2a76b9641511c
Code: [Select]
hxxp://dzenhottoo.cc/20aug_old.exe
md5sum ===> 4c8e066585c937f5bf0c2ca904680ebc
http://www.virustotal.com/file-scan/report.html?id=25925a99a1c040c6be7e16d093abd18ffe8eb3be9315ba05b50dfe1862069be7-1286197161 (http://www.virustotal.com/file-scan/report.html?id=25925a99a1c040c6be7e16d093abd18ffe8eb3be9315ba05b50dfe1862069be7-1286197161)
VT 8/41 (19.5%)
dropzone (already listed):
Code: [Select]
hxxp://dzenhottoo.cc/yahooman.php
Title: Re: New files for Zeus servers
Post by: jackberri on October 05, 2010, 11:06:37 am
New md5sum:
Code: [Select]
hxxp://sworo.ru/localpeer/uttorent-updates/2.4.exe
md5sum ===> 39e60e59efebb424ab6eb9fc62ba4e70
http://www.virustotal.com/file-scan/report.html?id=de302cd693ffcbb45dda97397a3e97dc27442cd223c70a9d25deda250b913274-1286276495 (http://www.virustotal.com/file-scan/report.html?id=de302cd693ffcbb45dda97397a3e97dc27442cd223c70a9d25deda250b913274-1286276495)
VT 9/43 (20.9%)
Title: Re: New files for Zeus servers
Post by: doomrainer on October 05, 2010, 11:47:40 am
Code: [Select]
http://lyulf.co.uk/2pmf1qq/setup742472.exe
http://www.virustotal.com/file-scan/report.html?id=26c57e851ce7c0eab4b4c97cc8c6a5c7d6cfec340d1969f32602ebd6a5d6ece4-1286278742

Code: [Select]
www.chateaudecoisse.com/.tfdmezb/?getexe=m24.in.exe
http://www.virustotal.com/file-scan/report.html?id=e0e23a4be4e0d4288614d485d0f4c84d5bce054ee846a9529c512249b5159ae4-1286279041

Not sure what this one was but was related to the above files:
Code: [Select]
www.chateaudecoisse.com/.tfdmezb/?getexe=dg.ex
http://www.virustotal.com/file-scan/report.html?id=e4ea080ade1f7800193ba8bbd380e06836954b4866d9371d57e7fff71ef7a39b-1286278883



Code: [Select]
http://anlaegkp.dk/trygxqlz/setup314555.exe
http://www.virustotal.com/file-scan/report.html?id=26c57e851ce7c0eab4b4c97cc8c6a5c7d6cfec340d1969f32602ebd6a5d6ece4-1286277933

MD5 Sum ====> 56d13776773159c22339e19e529cd3be
Title: Re: New files for Zeus servers
Post by: jackberri on October 05, 2010, 01:36:03 pm
New md5Sum
Code: [Select]
hxxp://peeeeee.ru/udp/history/udp.exe
md5sum ===> 1087db7b0128a858284c07bbe0b1c994
http://www.virustotal.com/file-scan/report.html?id=e99c8cf5a68a3979f9f0a75ac22ab58c507721b6a8bb9105bf471a2f38e89726-1286284898
VT 9/41 (22.0%)
Title: Re: New files for Zeus servers
Post by: jackberri on October 06, 2010, 02:47:47 pm
Code: [Select]
hxxp://tutubest.net/20aug_denis.cpm
md5sum ===> b12bdd824d151550f7197d6a422d3492
Code: [Select]
hxxp://tutubest.net/20aug_pacif.cpm
md5sum ===> be7280eab29bdcf1749700dea921817f
Code: [Select]
hxxp://tutubest.net/20aug_denis.exe
md5sum ===> bd48c418253320e9eb29cce55ccb9842
http://www.virustotal.com/file-scan/report.html?id=7c48602dcad0d73a6afa1775936091219d93660410cfac894a297ac5e2e4588d-1286375068
VT 5/43 (11.6%)
Code: [Select]
hxxp://tutubest.net/20aug_pacif.exe
md5sum ===> 1d792ffd2e922edee9daa7ea3e537466
http://www.virustotal.com/file-scan/report.html?id=4f242e3830d7c3573bd7ec36289e7723d2eeae32644a47fda5708be637172054-1286375091
VT 5/43 (11.6%)
Title: Re: New files for Zeus servers
Post by: jackberri on October 06, 2010, 06:24:53 pm
Code: [Select]
hxxp://jadesquadg.com/eso/isp.exe
md5sum ===> ba996fbc71379a3d4d8d7497d1874f87
http://www.virustotal.com/file-scan/report.html?id=5eb96258e79a2046ed200ceaeb46f772e9cb2dda64f34c8836ae9e4c80a349f8-1286389168
VT 11/43 (25.6%)
Title: Re: New files for Zeus servers
Post by: jackberri on October 06, 2010, 07:41:38 pm
New md5Sum
Code: [Select]
hxxp://sworo.ru/localpeer/uttorent-updates/2.4.exe
md5sum ===> 90af3741788ea7ea816a3bbb0a9d8c35
http://www.virustotal.com/file-scan/report.html?id=771e99513cd81adb8a3bd38721de1363ba832f6114db921d605ea220231bd3a7-1286393818
VT 3/38 (7.9%)
Title: Re: New files for Zeus servers
Post by: jackberri on October 07, 2010, 12:34:13 pm
Code: [Select]
hxxp://dzenhottoo.cc/20aug_dmit.cpm
md5sum ===> 70b05f458006f98979b6c9d9492a0a82
Code: [Select]
hxxp://dzenhottoo.cc/20aug_dmit.exe
md5sum ===> d5561a48281eb3c9265399007a5e3a80
http://www.virustotal.com/file-scan/report.html?id=77b794470238f71d00c67c41cfe02113e953a743ccff6e36d2fbf3a991cd38cc-1286454590
VT 12/43 (27.9%)
Title: Re: New files for Zeus servers
Post by: jackberri on October 07, 2010, 09:12:45 pm
Code: [Select]
hxxp://hguituih5h.com/m/sas.exe
md5sum ===> bc3a33ea181fea2c3ed93026319aa02d
http://www.virustotal.com/file-scan/report.html?id=ed91e4520d2f9f701724a518d1cc6760a13d7b5bf317f72a18fc902112097140-1286485624
VT 31/42 (73.8%)
Title: Re: New files for Zeus servers
Post by: politeAMS on October 08, 2010, 04:49:50 pm
Code: [Select]
hxxp://pnport.ru/administrator/modules/xfcfus.bin
Zeus Configuration File
Title: Re: New files for Zeus servers
Post by: jackberri on October 09, 2010, 06:57:20 pm
Code: [Select]
hxxp://tutubest.net/20aug_dmit.exe
md5sum ===> bc81fc930e45c3c5f7c974a1bcf7819f
http://www.virustotal.com/file-scan/report.html?id=58bc25378ef8c45ed8474c6a28376ee0f9fea42983c41653b19289bc7c7f8a3d-1286650201
VT 18/43 (41.9%)

Code: [Select]
hxxp://tutubest.net/20aug_test.exe
md5sum ===> 949f62bcad2c0e0eebd0b15f1046ff23
http://www.virustotal.com/file-scan/report.html?id=bfb3ab4821980df1e1b200cc139d227b9d896a1793d83dcc0bf5db98323f0478-1286650447
VT 18/43 (41.9%)
Title: Re: New files for Zeus servers
Post by: jackberri on October 10, 2010, 05:41:49 pm
Code: [Select]
hxxp://193.104.153.104/kazgifts.bin
md5sum ===> 8bde2244e680e6abbf75827735c5c47e
Code: [Select]
hxxp://193.104.153.101/kazget32.exe
md5sum ===> a854cd2b03b12785011968b35e89b5c3
http://www.virustotal.com/file-scan/report.html?id=b7c9d5f0b5b8bc3ac1dfac0f333797156a3487f5eebcb56b6644177bee59906a-1286730906
VT 25/43 (58.1%)
Code: [Select]
hxxp://193.104.153.104/kazgodwin.php
Title: Re: New files for Zeus servers
Post by: jackberri on October 10, 2010, 07:45:39 pm
Code: [Select]
hxxp://dzenhottoo.cc/20aug_birdie.cpm
md5sum ===> 7f1504675467461cf29a13d457916d87
Code: [Select]
hxxp://dzenhottoo.cc/20aug_birdie.exe
md5sum ===> 34eace71e2dea09d7a8642a8883fce96
http://www.virustotal.com/file-scan/report.html?id=4eb6366ee10768603828392e8fc4f5b36a19740a43869654ea458be3758c21c5-1286739072
VT 22/42 (52.4%)
Title: Re: New files for Zeus servers
Post by: jackberri on October 12, 2010, 09:40:38 am
Code: [Select]
hxxp://pitorysoue.com/ptz/ptg.exe
md5sum ===> 359316aa5901613a3ad4f9265a93c600
http://www.virustotal.com/file-scan/report.html?id=8eb24df595c39a6fc4a665076ff19c933c43d0b626a28b3aab0decf12e9ac998-1286875907
VT 24/43 (55.8%)
Title: Re: New files for Zeus servers
Post by: jackberri on October 13, 2010, 08:19:51 pm
Code: [Select]
hxxp://m0t0n0.com/upp5.so
md5sum ===> fe5fbae528cef277a23a81e8b8802e3d
Title: Re: New files for Zeus servers
Post by: jackberri on October 13, 2010, 09:09:48 pm
Code: [Select]
hxxp://hguituih5h.com/b/mu.exe
md5sum ===> fddc2021f643a8407186cb08ffe29e03
http://www.virustotal.com/file-scan/report.html?id=55aaacef89443ab7b5d82507eea920a0c407bb5f6a88afd8545dde0e62d8657d-1287003949
VT 3/42 (7.1%)
Title: Re: New files for Zeus servers
Post by: jackberri on October 14, 2010, 06:22:45 am
Code: [Select]
hxxp://dzenhottoo.cc/20aug_pacif.cpm
md5sum ===> c4390d022c2799a15e0d096032f42afd
Code: [Select]
hxxp://dzenhottoo.cc/20aug_pacif.exe
md5sum ===> f52c5973f1e90e252e3aa681f1e9f633
http://www.virustotal.com/file-scan/report.html?id=5ce8477f44c15c78eb7ad0806db3b4ca86b8182c5e3e7c194509b06aecc2e62a-1287037006
VT 17/43 (39.5%)
Title: Re: New files for Zeus servers
Post by: jackberri on October 14, 2010, 07:15:13 pm
Code: [Select]
hxxp://tutubest.net/20aug_old.cpm
md5sum ===> ecbb9953f83184f32b10430fbf174914
Code: [Select]
hxxp://tutubest.net/20aug_old.exe
md5sum ===> 82489e771d06bf26bb973e10104c258e
http://www.virustotal.com/file-scan/report.html?id=9f26ef31b3df366c3ea330bc90bf539dcd5b4a42859ba414b9d406d8b54b0082-1287083491
VT 5/43 (11.6%)
Title: Re: New files for Zeus servers
Post by: jackberri on October 15, 2010, 07:04:45 am
Code: [Select]
hxxp://biztracker24.com.tw/bin/other.exe
md5sum ===> c142acf0d8eb66e5278f1b1fb469691d
http://www.virustotal.com/file-scan/report.html?id=de74a25ef5acce4e1d6d8392702262c190293901d6e08e648699e772140be225-1287125996
VT 20/43 (46.5%)
Title: Re: New files for Zeus servers
Post by: jackberri on October 15, 2010, 07:56:53 am
Code: [Select]
hxxp://tsd1online.com/f_32thg2ihfloeil/yif3hj373959fd/up4/mss.bin
md5sum ===> 43835f9ea8072f129bf8e5df6cee34f2
Code: [Select]
hxxp://tsd1online.com/f_32thg2ihfloeil/yif3hj373959fd/up5/tss.bin
md5sum ===> 04092f73738b6dc89965e573393aa14d
Title: Re: New files for Zeus servers
Post by: jackberri on October 15, 2010, 08:44:38 am
Code: [Select]
hxxp://dzenhottoo.cc/20aug_birdie.exe
hxxp://tutubest.net/20aug_birdie.exe new md5sum
md5sum ===> a52a1f106c618e175c1ae3ac10ade1fe
http://www.virustotal.com/file-scan/report.html?id=d0a8246e8850cc29700466e6ebd2f0e5eb5eb8ec8ebda0ac2f616ff2a3566e96-1287131690
VT 12/43 (27.9%)
Title: Re: New files for Zeus servers
Post by: jackberri on October 15, 2010, 02:33:45 pm
Code: [Select]
hxxp://fedikloool.ru/picture/botez.exe
md5sum ===> 441c8e6da2d2d51b29d2a31dd4472635
https://www.virustotal.com/file-scan/report.html?id=deda386aaf3efe91a5785a87b184df1d32653c1358ee1afb212624d254381ad2-1287152916
VT 10/43 (23.3%)
Title: Re: New files for Zeus servers
Post by: jackberri on October 15, 2010, 09:51:50 pm
Code: [Select]
hxxp://iejtuqutqe.com/itworks/new212.img
md5sum ===> 24f65fe2e6124690a2b64fd0d5e04d97
Title: Re: New files for Zeus servers
Post by: jackberri on October 17, 2010, 08:48:24 am
Code: [Select]
hxxp://mservicesonline.ru/f0rum/ess.jpg
md5sum ===> cecc5b0d01dfdbbafa95f8d46920398b
Title: Re: New files for Zeus servers
Post by: jackberri on October 17, 2010, 02:54:40 pm
New md5sum:
Code: [Select]
hxxp://pitorysoue.com/ptz/ptg.exe
md5sum ===> e3c66ad4e95e9e44c3b3c0acc748a12e
http://www.virustotal.com/file-scan/report.html?id=dde29aa2d8bf6ee8378350e8dba92d6d41ccd7eab61d4e7f5afb8b5febf1a89c-1287326992
VT 19/43 (44.2%)
Title: Re: New files for Zeus servers
Post by: jackberri on October 18, 2010, 09:33:38 am
Code: [Select]
hxxp://193.201.192.82/~maz/index/vrsit/trio.so
md5sum ===> 5767afab8a53bd219918ffeb3b57f794
Code: [Select]
hxxp://193.201.192.82/~maz/index/1201.php
Title: Re: New files for Zeus servers
Post by: jackberri on October 18, 2010, 04:39:22 pm
Code: [Select]
hxxp://timeupdate.asia/t1me/cnv1.bin
md5sum ===> 4bcd4d7698f57f6101ea07361a08d9ad
Code: [Select]
hxxp://timeupdate.asia/t1me/cnv1.exe
md5sum ===> df3da9b9a803596d234bad4907b00695
http://www.virustotal.com/file-scan/report.html?id=80175662dff477c109fd74b46058d4ff5166056d970a4cafeae0303de277ff51-1287419606
VT 8/42 (19.0%)
Title: Re: New files for Zeus servers
Post by: jackberri on October 20, 2010, 06:37:34 am
New md5sum:
Code: [Select]
hxxp://timeupdate.asia/t1me/timeupdate2.exe
md5sum ===> 846076a863c48876e4ab376379ba482f
http://www.virustotal.com/file-scan/report.html?id=7ac13ccc61943ab80722f17210173f8e5a9bcb74c5469a3b5c01d707ba25e495-1287540939
VT 6/43 (14.0%)
Title: Re: New files for Zeus servers
Post by: jackberri on October 20, 2010, 07:54:49 am
New md5sum:
Code: [Select]
hxxp://tutubest.net/20aug_birdie.exe
hxxp://dzenhottoo.cc/20aug_birdie.exe
md5sum ===> e03cf37bbf070f6d61f3af1f483f3c04
http://www.virustotal.com/file-scan/report.html?id=45fe8527c64c1b9b8f62be064b5f73513dddd7fb10d07f30dc87fc3c83366450-1287558942
VT 6/43 (14.0%)
Title: Re: New files for Zeus servers
Post by: jackberri on October 23, 2010, 09:02:06 am
Code: [Select]
hxxp://euutywetwi.com/bestwork/prime11.img
md5sum ===> 71eaf1e4458594385c6a0f4e81c75b24
Title: Re: New files for Zeus servers
Post by: jackberri on October 24, 2010, 06:51:59 pm
trojan Slaper
Code: [Select]
hxxp://miraxgroupmirax.com/171.exe
md5sum ===> db1eccede2b56f72451809790faa3ad1
http://www.virustotal.com/file-scan/report.html?id=17ec80f41f6d5017046cc89278147efd6673c45346367c6b3307dede4ea3a80a-1287945618
VT 18/43 (41.9%)
Title: Re: New files for Zeus servers
Post by: jackberri on October 28, 2010, 07:17:25 am
Code: [Select]
hxxp://gophottoo.cc/22oct_dmi.exe
hxxp://gopheisstoo.cc/22oct_dmi.exe
md5sum ===> 301e1a4b5920d68c878e97255c860d2c
http://www.virustotal.com/file-scan/report.html?id=e0c67e1c4f1a9c0af0f920969f3db6dd6bfec4d1c23963b04ac087cca8a09277-1288250014
VT 16/43 (37.2%)
Code: [Select]
hxxp://gopheisstoo.cc/yahooman.php
#zeus trojan that comes from hxxp://gopheisstoo.cc/
Title: Re: New files for Zeus servers
Post by: jackberri on October 28, 2010, 06:18:14 pm
Code: [Select]
hxxp://gopheisstoo.cc/22oct_den.cpm
hxxp://hottutufast.net/22oct_den.cpm
hxxp://fuhotfast.net/22oct_den.cpm
md5sum ===> 8859b366c9b686e2379ea6e9f1763b09
Code: [Select]
hxxp://hottutufast.net/22oct_den.exe
hxxp://fuhotfast.net/22oct_den.exe
md5sum ===> 25c46a179a276d039c383a5c1073fef2
http://www.virustotal.com/file-scan/report.html?id=c19b692dc15fef5e3e48c0e2286f71f896444a57a10bb35bf531339342e3a4c2-1288277781
VT 3/43 (7.0%)

Code: [Select]
hxxp://gopheisstoo.cc/22oct_den.exe
md5sum ===> 737e3c244bd48e5b0f255b8d8692f990
http://www.virustotal.com/file-scan/report.html?id=f9d821a1457f0702997491d97cf86305098c0211bc2c2a7c106e8469610c577f-1288276916
VT 4/43 (9.3%)
Title: Re: New files for Zeus servers
Post by: jackberri on October 29, 2010, 03:39:49 pm
Code: [Select]
hxxp://gopheisstoo.cc/14oct_usa.exe
md5sum ===> 8859b366c9b686e2379ea6e9f1763b09
http://www.virustotal.com/file-scan/report.html?id=9315e61e1264acaf7934966692b28d74d37e0e82089b6c72486a1d0115026663-1288366297
VT 7/43 (16.3%)
Title: Re: New files for Zeus servers
Post by: jackberri on October 29, 2010, 06:16:54 pm
Code: [Select]
hxxp://gopheisstoo.cc/22oct_bir.cpm
hxxp://hottutufast.net/22oct_bir.cpm
hxxp://fuhotfast.net/22oct_bir.cpm
md5sum ===> 2235369c3351ed3697c922a30d649844
Code: [Select]
hxxp://gopheisstoo.cc/22oct_bir.exe
hxxp://hottutufast.net/22oct_bir.exe
hxxp://fuhotfast.net/222oct_bir.exe
md5sum ===> 929f6d08752780dbd47058b63968ebb0
http://www.virustotal.com/file-scan/report.html?id=9315e61e1264acaf7934966692b28d74d37e0e82089b6c72486a1d0115026663-1288375809
VT 8/42 (19.0%)
Title: Re: New files for Zeus servers
Post by: jackberri on October 30, 2010, 05:48:21 pm
Code: [Select]
hxxp://gopheisstoo.cc/22oct_pac.cpm
hxxp://tutubest.com/22oct_pac.cpm
hxxp://hottutufast.net/22oct_pac.cpm
hxxp://fuhotfast.net/22oct_pac.cpm
md5sum ===> 342764a10683ccb3dd984d948d17f350
Code: [Select]
hxxp://gopheisstoo.cc/22oct_pac.exe
hxxp://hottutufast.net/22oct_pac.exe
hxxp://tutubest.com/22oct_pac.exe
hxxp://fuhotfast.net/22oct_pac.exe
md5sum ===> 83069e247b6dc33e66ebba80d8b92854
http://www.virustotal.com/file-scan/report.html?id=f45328abd1a4e6797fdced4f9b9d6086d38cd0917c218835feacd8f6d8e27b00-1288459586
VT 6/42 (14.3%)
Title: Re: New files for Zeus servers
Post by: jackberri on October 31, 2010, 05:07:54 pm
related zeusbotnet malware
Code: [Select]
hxxp://cagohome.com/a2.so (already listed)
IP Location: Ukraine - VHost route - VolgaHost-as PE Bondarenko Dmitriy Vladimirovich
IP  91.213.174.6
AS29106
ns1.nameself.com
ns2.nameself.com
Registrant/Email Registrant: Anton S Petuchkov/antonpetushkov@yahoo.com
Code: [Select]
hxxp://vatind0.com/cr_mailer1.exe
md5sum ===> 3fa0553ab078edf85bd6833d43f04efd
http://www.virustotal.com/file-scan/report.html?id=cbe5fe76e9a3859abc00b3bdffd95bedb9be839afe0597a02df83f457bea1490-1288543806
VT 2/43 (4.7%)
Code: [Select]
hxxp://193.23.126.40/kkk.exe
md5sum ===> 6a85cbf1deb4374219cb70671af2b1e0
http://www.virustotal.com/file-scan/report.html?id=69ad4a6159fca96c407aa4164914513f29e7ebcee279aa1102519950f5acf198-1288417607
VT 36/43 (83.7%)
Title: Re: New files for Zeus servers
Post by: jackberri on November 01, 2010, 11:40:57 am
Code: [Select]
hxxp://ourpole.com/x9000_z/jq.jpg
md5sum ===> 996c966440b471e49da4ad5e277835c9


Code: [Select]
hxxp://193.41.38.65/metadont.php
Title: Re: New files for Zeus servers
Post by: jackberri on November 02, 2010, 01:23:56 pm
Code: [Select]
hxxp://videoiumons.com/2/setup.exe
md5sum ===> 36979633456ba34bb23d7efe31097c0c
http://www.virustotal.com/file-scan/report.html?id=72c004eaf2f2cf03d1e41c89c976063216933deeb6428f115f5e83ae81521ae3-1288720455
VT 19/43 (44.2%)
Title: Re: New files for Zeus servers
Post by: jackberri on November 02, 2010, 07:40:27 pm
Code: [Select]
hxxp://videoiumons.com/2/GSoft.exe
md5sum ===> d93b1607af7e8f8624bfab363e4685ae
http://www.virustotal.com/file-scan/report.html?id=79040207193cb3471a813742515b2c11fb84b74fa15c4b6d6abc11c2a2cad643-1288725967
VT 10/43 (23.3%)
Code: [Select]
hxxp://videoiumons.com/GSoft.exe
md5sum ===> 914052bc2c2f27fa788d75ee49c128c3
http://www.virustotal.com/file-scan/report.html?id=3d9348b8ef2a393c2773c0cdc901ce3fd75a929c7b0e8c34fcbab301619b2c00-1288726613
VT 25/43 (58.1%)
Title: Re: New files for Zeus servers
Post by: jackberri on November 04, 2010, 01:16:29 pm
Code: [Select]
hxxp://3color3.com/KillEXE.exe
md5sum ===> 5330900fb64af7af052a0ed0df43a13d
http://www.virustotal.com/file-scan/report.html?id=d825ad5d1a23bbfaf32f41a1b4682db470bb4d6cbb137478570ddb6d8fd8aa32-1288872689
VT 6/43 (14.0%)
Code: [Select]
hxxp://3color3.com/cr_ALL.exe
md5sum ===> 01d5dc5b58dc4a7d7a3644b52c33beb1
http://www.virustotal.com/file-scan/report.html?id=f27609e00cdf1468225ad9944fb421281283a390663659a37678d30f038a059b-1288872679
VT 4/43 (9.3%)
Title: Re: New files for Zeus servers
Post by: jackberri on November 06, 2010, 06:57:47 pm
Code: [Select]
hxxp://122vsvsn21221.net/urla/c2.bin
md5sum ===> 008a15bb223514d1b9341c9b892da835
Title: Re: New files for Zeus servers
Post by: jackberri on November 09, 2010, 09:18:25 am
Code: [Select]
hxxp://wekemenal.com/g/g.exe
md5sum ===> 06d1b191add9c3ed04510f88ac4a6c3f
http://www.virustotal.com/file-scan/report.html?id=3a6076b14aa3c9d5c673905786facf70081154b8a6e1e20a37cf39e5eb536d7c-1289293792
VT 17/43 (39.5%)
related:
IP Location: United States - MTO Telecom inc. Proxy Route Object Gogax -  Maintainer for Tenino Telephone
IP 76.76.99.53
[reverse-mtl-76-76-99-53.gogax.com]
AS21793
free01.editdns.net - AS33517
free02.editdns.net - AS32748
Registrant/Email Registrant: Vitalij Filipov/alumni@yourisp.ru
Code: [Select]
hxxp://kukarmens64ks.com/kjdhf/g8df7.bin
md5sum ===> e31b69b62b341988d0a6f68e899411cf
Code: [Select]
hxxp://kukarmens64ks.com/kjdhf/ms.php
Title: Re: New files for Zeus servers
Post by: jackberri on November 09, 2010, 01:30:00 pm
Code: [Select]
hxxp://193.178.172.60/1.exe
md5sum ===> 5306e980ba840f766a6856f4eb681804
http://www.virustotal.com/file-scan/report.html?id=5f8ce5adf09ae7dd38c1035dfc94ed317bc464ef059c32b4beb83dedc1fec52c-1289307918
VT 4/43 (9.3%)

IP Location: Bosnia and Herzegovina - BA-GLOBALNET-AS
IP 77.78.239.132
AS42560
ns1.regway.com - AS15830
ns2.regway.com - AS36351
Registrant/Email Registrant: PrivacyProtect.org/contact@privacyprotect.org
Code: [Select]
hxxp://warspaces.net/77x.exe
md5sum ===> 1170eaa8f17f5ee055fc77980c77a735
http://www.virustotal.com/file-scan/report.html?id=332ed05a082b9d0f3c297836a0825536b7c495ef2eee94f9c112d3f5e864f7f7-1289308861
VT 8/43 (18.6%)
Title: Re: New files for Zeus servers
Post by: jackberri on November 11, 2010, 11:38:12 am
New md5sum:
Code: [Select]
hxxp://qazino.ru/garena/CIG104.exe
md5sum ===> f2850a6d405fc545ee45bf7638bdc714
http://www.virustotal.com/file-scan/report.html?id=6ca14b393cb39c0c41afb8160d0a51f900767cd03022c0285cb78682117a9965-1289470120
VT 10/42 (23.8%)
Title: Re: New files for Zeus servers
Post by: jackberri on November 12, 2010, 07:49:18 pm
New md5sum:
Code: [Select]
hxxp://gopheisstoo.cc/22oct_pac.exe
hxxp://tutubest.com/22oct_pac.exe
md5sum ===> 2549c652f3b430bea4c62e8e51c2dfbe
http://www.virustotal.com/file-scan/report.html?id=e2f2a516e6009005c033820ee58a1eac84f27c8134db872ac6e6ee2780d5a291-1289590856
VT 6/43 (14.0%)
Title: Re: New files for Zeus servers
Post by: jackberri on November 13, 2010, 12:58:28 pm
New md5sum:
Code: [Select]
hxxp://gopheisstoo.cc/22oct_den.exe
hxxp://hottutufast.net/22oct_den.exe
hxxp://tutubest.com/22oct_den.exe
md5sum ===> be0e76c0e0b10d608711edff1671cdc3
http://www.virustotal.com/file-scan/report.html?id=4d882817e16bf01090cbaa5fd8d51b87b2002b7ad0218631199fcba286c55718-1289652508
VT 14/41 (34.1%)
Title: Re: New files for Zeus servers
Post by: jackberri on November 13, 2010, 01:12:03 pm
Code: [Select]
hxxp://195.226.197.100/~host/uk/ukdase.db
md5sum ===> 2a8b95037c149e514d30893222894b63
Code: [Select]
hxxp://195.226.197.100/~host/uk/uk.exe
md5sum ===> 470f48cc605e836cc16b8fe09ef75f6b
http://www.virustotal.com/file-scan/report.html?id=968c98032d87a331aad37dde580a161c267b5060eb9a05c129043b9a3eee7a0c-1289653619
VT 20/43 (46.5%)
Title: Re: New files for Zeus servers
Post by: jackberri on November 13, 2010, 02:06:58 pm
New md5sum:

Code: [Select]
hxxp://gopheisstoo.cc/22oct_ic3.exe
hxxp://hottutufast.net/22oct_ic3.exe
hxxp://tutubest.com/22oct_ic3.exe
md5sum ===> 96c17bb64bccde648fdce63a27f2b217
http://www.virustotal.com/file-scan/report.html?id=08620fd58588cbc06c87179a74bcc45cc1a4ffe5d0941a598107553797876303-1289656801
VT 3/43 (7.0%)
Title: Re: New files for Zeus servers
Post by: jackberri on November 13, 2010, 03:51:47 pm
New md5sum:

Code: [Select]
hxxp://gopheisstoo.cc/14oct_usa.exe
hxxp://hottutufast.net/14oct_usa.exe
hxxp://tutubest.com/14oct_usa.exe
md5sum ===> 43d944baebb8a2b986051f0b2eca40d6
http://www.virustotal.com/file-scan/report.html?id=a9f5a00d508c43f8a5015169a07f0fe692749394d90185d15a3fd87f91708d3d-1289657456
VT 3/43 (7.0%)
Title: Re: New files for Zeus servers
Post by: jackberri on November 14, 2010, 06:01:10 pm
New md5sum:

Code: [Select]
hxxp://gopheisstoo.cc/22oct_bir.exe
hxxp://hottutufast.net/22oct_bir.exe
hxxp://tutubest.com/22oct_bir.exe
md5sum ===> fb4cf7647e7301c197febc97d569ddcc
http://www.virustotal.com/file-scan/report.html?id=ce6d6d0bc716c71aca40d8758e8eaceb2ef4ee1b35b39c74c4afba1df5e9b380-1289730638
VT 12/43 (27.9%)
Title: Re: New files for Zeus servers
Post by: jackberri on November 15, 2010, 11:45:15 am
New md5sum:
Code: [Select]
hxxp://qazino.ru/garena/CIG104.exe
md5sum ===> f86c1cd34e38a344001f8c70e27f7817
http://www.virustotal.com/file-scan/report.html?id=ba0e6fcc76cb2d75b7fe031e322674a5085e47fca9c5e0c38ad09165827c588b-1289805169
VT 18/43 (41.9%)
Title: Re: New files for Zeus servers
Post by: jackberri on November 16, 2010, 09:31:44 am
Code: [Select]
hxxp://oztime.asia/6ucks/oztime2.bin
md5sum ===> 40da6cd5448768fcb28ac69d5d924b47
Code: [Select]
hxxp://oztime.asia/6ucks/oztime2.exe
md5sum ===> f4c405d79a07626f0fe4a26564bf2d7b
http://www.virustotal.com/file-scan/report.html?id=8e96abd0834e1feeb4c6f0f196a4b0014ae00cdd5d9ad17ce80ef5dcacb1d566-1289898415
VT 11/43 (25.6%)
Title: Re: New files for Zeus servers
Post by: jackberri on November 16, 2010, 12:30:25 pm
Code: [Select]
hxxp://oztime.asia/m0ney/synctime1.bin
md5sum ===> 4d7466ec878dd09c82e3245f2061433c
Code: [Select]
hxxp://oztime.asia/m0ney/synctime1.exe
md5sum ===> 6774f775981bd262e47956b63d27ddec
http://www.virustotal.com/file-scan/report.html?id=c0d931378b3746894dfc3efc3900dccb112f065e077c2a5e18c236d6dda345b8-1289910221
VT 4/42 (9.5%)
Code: [Select]
hxxp://oztime.asia/m0ney/gat3.php
Title: Re: New files for Zeus servers
Post by: jackberri on November 18, 2010, 11:24:33 am
Code: [Select]
hxxp://carsforrichandother.com/images/bg.gif
md5sum ===> fcca9f7ce4626a6051367889ba745b08
Title: Re: New files for Zeus servers
Post by: jackberri on November 18, 2010, 07:57:53 pm
Code: [Select]
hxxp://carsforrichandother.com/images/header.gif
md5sum ===> 84ea2b3ebe4b79609490e6f057c039be
Title: Re: New files for Zeus servers
Post by: jackberri on November 19, 2010, 03:29:38 pm
zeus trojan updated:

Title: Re: New files for Zeus servers
Post by: jackberri on November 20, 2010, 06:42:15 am
zeus trojan updated:
Title: Re: New files for Zeus servers
Post by: jackberri on November 20, 2010, 10:26:26 am
New md5sum:

Code: [Select]
hxxp://qazino.ru/garena/CIG104.exe
md5sum ===> 757f670fa92fc5d49b001f254ce82b4d
http://www.virustotal.com/file-scan/report.html?id=7e33a9687ea27598485b553efe8c796247d30d5a03a83797783b66246584e03f-1290241160 (http://www.virustotal.com/file-scan/report.html?id=7e33a9687ea27598485b553efe8c796247d30d5a03a83797783b66246584e03f-1290241160)
VT 13/43 (30.2%)
Title: Re: New files for Zeus servers
Post by: jackberri on November 21, 2010, 12:23:23 pm
Code: [Select]
hxxp://frasertooper.com/monte-karlo/usdase.db
md5sum ===> 74e6e80c3f26ed814c7061d40b05bff9
Code: [Select]
hxxp://frasertooper.com/monte-karlo/us.exe
md5sum ===> 4417ff9efe9e996b75c395922576c998
http://www.virustotal.com/file-scan/report.html?id=962b8fc0d2a8772a94639d014f27a41a72f62c91cd0c4050ee0dced231592329-1290253782 (http://www.virustotal.com/file-scan/report.html?id=962b8fc0d2a8772a94639d014f27a41a72f62c91cd0c4050ee0dced231592329-1290253782)
VT 6/43 (14.0%)
Title: Re: New files for Zeus servers
Post by: jackberri on November 21, 2010, 04:09:22 pm
New md5sum:

Code: [Select]
hxxp://dilidam0001.com/xed/yourbot.exe
md5sum ===> 4efd1757d63f956e131dda406a65d162
http://www.virustotal.com/file-scan/report.html?id=2366d63a695f0e0e04d01912a88364d8d2e5be4b48311183985cbe8fd273b0b4-1290355472 (http://www.virustotal.com/file-scan/report.html?id=2366d63a695f0e0e04d01912a88364d8d2e5be4b48311183985cbe8fd273b0b4-1290355472)
VT 5/43 (11.6%)
Title: Re: New files for Zeus servers
Post by: jackberri on November 21, 2010, 05:55:11 pm
Code: [Select]
hxxp://wawnet.net:8000/winhelp.exe
md5sum ===> f3b71378a7c4c97f578833582a992b9e
http://www.virustotal.com/file-scan/report.html?id=f42fa44e2db6e95f2334e41dbb203b8cfeaa68e619aca5a7815ee13efe93fff0-1290361512 (http://www.virustotal.com/file-scan/report.html?id=f42fa44e2db6e95f2334e41dbb203b8cfeaa68e619aca5a7815ee13efe93fff0-1290361512)
VT 9/43 (20.9%)
Code: [Select]
hxxp://wawnet.net:8000/WindowsUpdate.exe
md5sum ===> 6dffad6872bba34720fb09b8af224d98
http://www.virustotal.com/file-scan/report.html?id=a2c80a1dede963a9cdf1522928250179f5caeb27d68c043a412f31784d254ecb-1290361742 (http://www.virustotal.com/file-scan/report.html?id=a2c80a1dede963a9cdf1522928250179f5caeb27d68c043a412f31784d254ecb-1290361742)
VT 19/41 (46.3%)
Title: Re: New files for Zeus servers
Post by: jackberri on November 21, 2010, 11:07:50 pm
Code: [Select]
botikov.net/ext/profi.bin
md5sum ===> cf5fb91feb71915d258233e60fa6c689
Title: Re: New files for Zeus servers
Post by: jackberri on November 24, 2010, 08:05:04 am
Code: [Select]
hxxp://currencyis.com/22oct_ic3.cpm
md5sum ===> 23faaf0b0c5b4afc216b185f1dde2661
Code: [Select]
hxxp://currencyis.com/22oct_ic3.exe
md5sum ===> 27b4187034b335a3b845c5672b684536
http://www.virustotal.com/file-scan/report.html?id=43197ca55e43e7ee0e34e1d09f7e8bbdb847aad17c2a2ac073973a32d1d3bf34-1290582909 (http://www.virustotal.com/file-scan/report.html?id=43197ca55e43e7ee0e34e1d09f7e8bbdb847aad17c2a2ac073973a32d1d3bf34-1290582909)
VT 7/43 (16.3%)
Code: [Select]
hxxp://currencyis.com/22oct_pac.cpm
md5sum ===> c27f6430354c8a42b45f2aa1354f745d
Code: [Select]
hxxp://currencyis.com/22oct_pac.exe
md5sum ===> c718a00d841e84e04911020c8a78730b
http://www.virustotal.com/file-scan/report.html?id=3dce3c2ac5e555e2932f369d98925aa7129e265209cf0f10f5ba2d535f706848-1290584103 (http://www.virustotal.com/file-scan/report.html?id=3dce3c2ac5e555e2932f369d98925aa7129e265209cf0f10f5ba2d535f706848-1290584103)
VT 9/43 (20.9%)
Code: [Select]
hxxp://currencyis.com/14oct_usa.cpm
md5sum ===> 089ac7c7ff1192359ba5f956ceb182a1
Code: [Select]
hxxp://currencyis.com/14oct_usa.exe
md5sum ===> e50a812e106d7411ca5f8781486bbafd
http://www.virustotal.com/file-scan/report.html?id=745e7b3a0609d5e2fb9a4a695e665e686abea70ba89dee1305cf15c8449f85fc-1290584524 (http://www.virustotal.com/file-scan/report.html?id=745e7b3a0609d5e2fb9a4a695e665e686abea70ba89dee1305cf15c8449f85fc-1290584524)
VT 12/42 (28.6%)
Code: [Select]
hxxp://currencyis.com/22oct_den.cpm
md5sum ===> 5481800e086d128a662a792e70126a7f
Code: [Select]
hxxp://currencyis.com/22oct_den.exe
md5sum ===> 4a2dc6076cfab268d555bdc408bc8cf8
http://www.virustotal.com/file-scan/report.html?id=38eb1872d5a99cbfae8104cf46c94807c4413c55bbc9f3d78849e9bcb93abfd0-1290584939 (http://www.virustotal.com/file-scan/report.html?id=38eb1872d5a99cbfae8104cf46c94807c4413c55bbc9f3d78849e9bcb93abfd0-1290584939)
VT 7/43 (16.3%)
Code: [Select]
hxxp://currencyis.com/22oct_dmi.cpm
md5sum ===> 3c06f8d6c5d1faf3dcc54f9a6d65d527
Code: [Select]
hxxp://currencyis.com/22oct_dmi.exe
md5sum ===> 1431e19d2967d55e127b0c7b634c7d6e
http://www.virustotal.com/file-scan/report.html?id=80c620f3532bcc81809aa8e16acd2d14ad05a866585951f419544bc5d4446385-1290585340 (http://www.virustotal.com/file-scan/report.html?id=80c620f3532bcc81809aa8e16acd2d14ad05a866585951f419544bc5d4446385-1290585340)
VT 2/43 (4.7%)
Code: [Select]
hxxp://currencyis.com/22oct_bir.cpm
md5sum ===> 49a771b78f33e7773d553caa5a9c879f
Code: [Select]
hxxp://currencyis.com/22oct_bir.exe
md5sum ===> 7bb3936b403f410555f1e60a2ea2385b
http://www.virustotal.com/file-scan/report.html?id=cc801a3618396ab1902935217a7ce271c89eddbf81224a46b68c72d254358336-1290585573 (http://www.virustotal.com/file-scan/report.html?id=cc801a3618396ab1902935217a7ce271c89eddbf81224a46b68c72d254358336-1290585573)
VT 10/38 (26.3%)
Title: Re: New files for Zeus servers
Post by: jackberri on November 25, 2010, 03:06:50 pm
New md5sum:

Code: [Select]
hxxp://basildomut.ru/files/file.exe
md5sum ===> a922af70b27d31aacbff8523e9bc27f4
http://www.virustotal.com/file-scan/report.html?id=2cd95c7b874ae3fed0aa12c2e76826c57eff3b814ae3c21841203688e89a96e5-1290697006 (http://www.virustotal.com/file-scan/report.html?id=2cd95c7b874ae3fed0aa12c2e76826c57eff3b814ae3c21841203688e89a96e5-1290697006)
VT 1/43 (2.3%)
Title: Re: New files for Zeus servers
Post by: jackberri on November 25, 2010, 05:27:02 pm
New md5sum
Code: [Select]
hxxp://bestwebrecords.ru/cfg/lks34bestwebrecords.jpg
md5sum ===> 40b9a425ad01b176c046de9c19733850
Title: Re: New files for Zeus servers
Post by: jackberri on December 01, 2010, 11:49:35 am
New md5sum:
Code: [Select]
hxxp://nisferylos.com/gbt/ang.exe
md5sum ===> 8b50d95a9cca292d558b76db5e7d6aab
http://www.virustotal.com/file-scan/report.html?id=c3c2695ad664b06b71eb28d8df341a0c634e7f5b977033b5ce64a4ad70b4784d-1291202892 (http://www.virustotal.com/file-scan/report.html?id=c3c2695ad664b06b71eb28d8df341a0c634e7f5b977033b5ce64a4ad70b4784d-1291202892)
VT 19/42 (45.2%)
Title: Re: New files for Zeus servers
Post by: jackberri on December 02, 2010, 06:22:28 pm
Code: [Select]
hxxp://91.213.174.46/KillEXE.exe
md5sum ===> 6314604abaf419b7e9d991d119a96bc4
http://www.virustotal.com/file-scan/report.html?id=d9cd73951f329045505d99b2268e7f5c27befab9933a9357130294e7acdf2fc0-1291312532 (http://www.virustotal.com/file-scan/report.html?id=d9cd73951f329045505d99b2268e7f5c27befab9933a9357130294e7acdf2fc0-1291312532)
VT 26/43 (60.5%)
Code: [Select]
hxxp://91.213.174.46/all-zahlung.exe
md5sum ===> 5c2838b4e83855b56ae7320240678e47
http://www.virustotal.com/file-scan/report.html?id=426d4d927193905c0d54b3b1745b7306e2e0ff2cf236d158849634d8f7b57da8-1291312482 (http://www.virustotal.com/file-scan/report.html?id=426d4d927193905c0d54b3b1745b7306e2e0ff2cf236d158849634d8f7b57da8-1291312482)
VT 19/43 (44.2%)
Title: Re: New files for Zeus servers
Post by: jackberri on December 11, 2010, 12:26:55 pm
New IP & md5sum:

IP Location: Russian Federation - VLine Telecom
IP 109.196.142.42
AS39150
Registrant/Email Registrant: Elena Gavrilova/rex@maillife.ru
Code: [Select]
hxxp://silvecoolg.com/ptz/por.tu
md5sum ===> 15103d2a8efd9822e5ce5d4079bd701f
Code: [Select]
hxxp://silvecoolg.com/ptz/ptg.exe
md5sum ===> 9ceaa23eea798c7e00a4f2bfc51cea02
http://www.virustotal.com/file-scan/report.html?id=16e527b805c47b6bc2e33a77ae3f00126d9909214d8cfbd877530f79d5878ac6-1292067098 (http://www.virustotal.com/file-scan/report.html?id=16e527b805c47b6bc2e33a77ae3f00126d9909214d8cfbd877530f79d5878ac6-1292067098)
VT 30/43 (69.8%)
Title: Re: New files for Zeus servers
Post by: jackberri on December 12, 2010, 05:02:54 pm
Code: [Select]
hxxp://shopgroov.net/ppnl3.bin
hxxp://shopgroov.net/panel3/ppnl3.bin
md5sum ===> 0ad35c76d0266ff114f1514f31f8b4a9
Code: [Select]
hxxp://shopgroov.net/panel3/ppnl3.exe
md5sum ===> 547c0e1a9fd93b52f95ce6b4cb3e30dd
http://www.virustotal.com/file-scan/report.html?id=03a4369f802f8e348f22d2c691cf1044172637ff979844d1e0a20844578ae07c-1292162833 (http://www.virustotal.com/file-scan/report.html?id=03a4369f802f8e348f22d2c691cf1044172637ff979844d1e0a20844578ae07c-1292162833)
VT 38/43 (88.4%)
Code: [Select]
hxxp://shopgroov.net/panel3/gotobank.php
Title: Re: New files for Zeus servers
Post by: lelenina on December 13, 2010, 03:43:34 am
HTTP traffic captured with Fiddler from an exploit. I believe it is ZeuS.
Code: [Select]
http://2go4corp.com/xed/config.bin
Title: Re: New files for Zeus servers
Post by: jackberri on December 13, 2010, 07:23:01 am
HTTP traffic captured with Fiddler from an exploit. I believe it is ZeuS.
Code: [Select]
http://2go4corp.com/xed/config.bin

:)

IP Location: United States - bluemile arin block2 -  BLUEMILE , INC
IP 76.10.214.62
AS11013
Registrant/Email Registrant: Victor I Brikatnin/mire@maillife.ru
Code: [Select]
hxxp://2go4corp.com/xed/recover.bin
md5sum ===> 829e442ea2537c1901a18a87b41e59f1
Code: [Select]
hxxp://2go4corp.com/xed/yourbot.exe
md5sum ===> 67496e11ddf8232a027ba494a3c03cd2
http://www.virustotal.com/file-scan/report.html?id=31c992ce998e86548ab9cb4800b705272fcba8c58f61fd6ce2fcc5cd7ce21fdf-1292224147 (http://www.virustotal.com/file-scan/report.html?id=31c992ce998e86548ab9cb4800b705272fcba8c58f61fd6ce2fcc5cd7ce21fdf-1292224147)
VT 1/43 (2.3%)
Code: [Select]
hxxp://2go4corp.com/xed/gate.php
Title: Re: New files for Zeus servers
Post by: lelenina on December 13, 2010, 05:29:08 pm


:)

IP Location: United States - bluemile arin block2 -  BLUEMILE , INC
IP 76.10.214.62
AS11013
Registrant/Email Registrant: Victor I Brikatnin/mire@maillife.ru
Code: [Select]
hxxp://2go4corp.com/xed/recover.bin
md5sum ===> 829e442ea2537c1901a18a87b41e59f1
Code: [Select]
hxxp://2go4corp.com/xed/yourbot.exe
md5sum ===> 67496e11ddf8232a027ba494a3c03cd2
http://www.virustotal.com/file-scan/report.html?id=31c992ce998e86548ab9cb4800b705272fcba8c58f61fd6ce2fcc5cd7ce21fdf-1292224147 (http://www.virustotal.com/file-scan/report.html?id=31c992ce998e86548ab9cb4800b705272fcba8c58f61fd6ce2fcc5cd7ce21fdf-1292224147)
VT 1/43 (2.3%)
Code: [Select]
hxxp://2go4corp.com/xed/gate.php
How did you find where the binaries were located?
Title: Re: New files for Zeus servers
Post by: jackberri on December 13, 2010, 05:49:31 pm
How did you find where the binaries were located?

;)
http://www.malwaredomainlist.com/mdl.php?search=%2Fxed%2F&colsearch=All&quantity=50 (http://www.malwaredomainlist.com/mdl.php?search=%2Fxed%2F&colsearch=All&quantity=50)
Title: Re: New files for Zeus servers
Post by: jackberri on December 14, 2010, 03:59:13 pm
New md5sum:
Code: [Select]
hxxp://2go4corp.com/xed/yourbot.exe
md5sum ===> 04c62bfb7514b1bc77e315ad51ee2b0c
http://www.virustotal.com/file-scan/report.html?id=a78ae65f4b529109b44b9e51acbe3cb4c51e9a51073ccfa24f8c935f95520f64-1292341955 (http://www.virustotal.com/file-scan/report.html?id=a78ae65f4b529109b44b9e51acbe3cb4c51e9a51073ccfa24f8c935f95520f64-1292341955)
VT 6/43 (14.0%)
Title: Re: New files for Zeus servers
Post by: jackberri on December 14, 2010, 08:54:48 pm
New md5Sum:

Code: [Select]
hxxp://bestwebrecords.ru/cfg/lks34bestwebrecords.jpg
md5sum ===> 1dc3759fe4b836276e30782a77fb70c8

Code: [Select]
hxxp://sysupdate.ru/XIu2LaboagOUmOU/C19tRo.exe
md5sum ===> 66cc9841caa8a576a427b57bbd29937c
http://www.virustotal.com/file-scan/report.html?id=4c01bc6b881b64ca8d06d36a03887fa86aab4dcc4ded89240f206b6824b0d8a8-1292370609 (http://www.virustotal.com/file-scan/report.html?id=4c01bc6b881b64ca8d06d36a03887fa86aab4dcc4ded89240f206b6824b0d8a8-1292370609)
VT 3/43 (7.0%)
Title: Re: New files for Zeus servers
Post by: jackberri on December 15, 2010, 11:08:29 am
Code: [Select]
hxxp://sharplink.ru/22oct_pac.cpm
hxxp://kindbaby.ru/22oct_pac.cpm
hxxp://realemotions.ru/22oct_pac.cpm
md5sum ===> 2024edeef06f9d8482a6936e24451db5
Code: [Select]
hxxp://sharplink.ru/22oct_pac.exe
hxxp://kindbaby.ru/22oct_pac.exe
hxxp://realemotions.ru/22oct_pac.exe
md5sum ===> eefbe4c73a25a44bcc0d5df146b13fce
http://www.virustotal.com/file-scan/report.html?id=b68072cc74f356106fc638ce0d912a1fe4f6573da26336e80aabea89cbebca2c-1292408472 (http://www.virustotal.com/file-scan/report.html?id=b68072cc74f356106fc638ce0d912a1fe4f6573da26336e80aabea89cbebca2c-1292408472)
VT 24/43 (55.8%)
Code: [Select]
hxxp://kindbaby.ru/14oct_usa.cpm
md5sum ===> b1f5bef7abc60b7acccbde882a6e1644
Code: [Select]
hxxp://sharplink.ru/14oct_usa.exe
hxxp://kindbaby.ru/14oct_usa.exe
hxxp://realemotions.ru/14oct_usa.exe
md5sum ===> 70734b55ab2fe874e44706be389dc77b
http://www.virustotal.com/file-scan/report.html?id=c3a0d72b6c2d1d885117685d0548d976a00e7a5b9efb6c30e0edd8cd16431960-1292410216 (http://www.virustotal.com/file-scan/report.html?id=c3a0d72b6c2d1d885117685d0548d976a00e7a5b9efb6c30e0edd8cd16431960-1292410216)
VT 30/43 (69.8%)
Code: [Select]
hxxp://sharplink.ru/22oct_dmi.cpm
hxxp://kindbaby.ru/22oct_dmi.cpm
hxxp://realemotions.ru/22oct_dmi.cpm
md5sum ===> 4942d08e86bf432b2b23cb1e4b7ccf92
Code: [Select]
hxxp://sharplink.ru/22oct_dmi.exe
hxxp://kindbaby.ru/22oct_dmi.exe
hxxp://realemotions.ru/22oct_dmi.exe
md5sum ===> add058a4f13c3b5f2a97ecc80933cfff
http://www.virustotal.com/file-scan/report.html?id=6266922df8b6574a0e6c4a8049e691fbc86673764c908f107eb479dacc485a4a-1292410658 (http://www.virustotal.com/file-scan/report.html?id=6266922df8b6574a0e6c4a8049e691fbc86673764c908f107eb479dacc485a4a-1292410658)
VT 12/43 (27.9%)
Code: [Select]
hxxp://sharplink.ru/22oct_ic3.cpm
hxxp://kindbaby.ru/22oct_ic3.cpm
hxxp://realemotions.ru/22oct_ic3.cpm
md5sum ===> 1cf6fa0e85569d4c82f2432ca1ce985c
Code: [Select]
hxxp://sharplink.ru/22oct_ic3.exe
hxxp://kindbaby.ru/22oct_ic3.exe
hxxp://realemotions.ru/22oct_ic3.exe
md5sum ===> ee68283c0c8494c322c8f6d41aa4e8d6
http://www.virustotal.com/file-scan/report.html?id=ef70f2a7fc9c987e9d1420f12dcc83899e822cf68f86a4f6006e4553faa7c9d2-1292410999 (http://www.virustotal.com/file-scan/report.html?id=ef70f2a7fc9c987e9d1420f12dcc83899e822cf68f86a4f6006e4553faa7c9d2-1292410999)
VT 10/43 (23.3%)
Code: [Select]
hxxp://sharplink.ru/yahooman.php
hxxp://realemotions.ru/yahooman.php
Title: Re: New files for Zeus servers
Post by: jackberri on December 15, 2010, 09:00:04 pm
Code: [Select]
hxxp://91.213.174.44/KillEXE.exe
md5sum ===> 20f961fbd1e8d56c357465a1c200664e
http://www.virustotal.com/file-scan/report.html?id=e46cbc9c4823e3693ce51413344325a8cfafc7f14697d3ebfdc3f06f6997fc9a-1292440877 (http://www.virustotal.com/file-scan/report.html?id=e46cbc9c4823e3693ce51413344325a8cfafc7f14697d3ebfdc3f06f6997fc9a-1292440877)
VT 25/43 (58.1%)
related (already listed):
Code: [Select]
hxxp://interodialset.com/000x120.so
Title: Re: New files for Zeus servers
Post by: jackberri on December 16, 2010, 06:02:58 pm
New md5Sum:

Code: [Select]
hxxp://sysupdate.ru/XIu2LaboagOUmOU/C19tRo.exe
md5sum ===> b0bbe34f521ed7605ac5da22413d75af
http://www.virustotal.com/file-scan/report.html?id=2c35119ca3f4cd8fa55244b070a455afc3268fbbc3d61d0a77ed575647b5a172-1292520982 (http://www.virustotal.com/file-scan/report.html?id=2c35119ca3f4cd8fa55244b070a455afc3268fbbc3d61d0a77ed575647b5a172-1292520982)
VT 7/43 (16.3%)

Code: [Select]
hxxp://2go4corp.com/xed/yourbot.exe
md5sum ===> 6e9f9f28f9a23d33e290e8da290aee0c
http://www.virustotal.com/file-scan/report.html?id=c15d5880ac241d2fbbda792f6c973edee94e198602256ebaf93a0ec89163ac37-1292521443 (http://www.virustotal.com/file-scan/report.html?id=c15d5880ac241d2fbbda792f6c973edee94e198602256ebaf93a0ec89163ac37-1292521443)
VT 2/43 (4.7%)
Title: Re: New files for Zeus servers
Post by: jackberri on December 16, 2010, 08:22:34 pm
Code: [Select]
hxxp://91.213.174.6/ups/ALL-zahlung.exe
hxxp://91.213.174.10/ups/ALL-zahlung.exe
hxxp://91.213.174.44/ups/ALL-zahlung.exe
md5sum ===> 81ec63eec9b5c4ccecc674b73d2797f9
http://www.virustotal.com/file-scan/report.html?id=a0e6c30e42cd9a752800d4aff1ac1537188f0e965b052cd000b4aae4fdd9745c-1292530513 (http://www.virustotal.com/file-scan/report.html?id=a0e6c30e42cd9a752800d4aff1ac1537188f0e965b052cd000b4aae4fdd9745c-1292530513)
VT 21/43 (48.8%)
Code: [Select]
hxxp://91.213.174.6/ups/ALL.exe
hxxp://91.213.174.10/ups/ALL.exe
hxxp://91.213.174.44/ups/ALL.exe
md5sum ===> 5cc9a312cbfb6bb9b117b94009f96d76
http://www.virustotal.com/file-scan/report.html?id=378840167bc5675cce79371d8bbeffbf786e4367c50962a554dd06d41f6b21c1-1292530672 (http://www.virustotal.com/file-scan/report.html?id=378840167bc5675cce79371d8bbeffbf786e4367c50962a554dd06d41f6b21c1-1292530672)
VT 1/43 (2.3%)
Title: Re: New files for Zeus servers
Post by: jackberri on December 22, 2010, 08:30:14 am
Code: [Select]
hxxp://lsdqlmoezehnivn.org/news/?s=155726
hxxp://ntstuovussurej.com/news/?s=155726
hxxp://193.178.172.77/news/?s=155726
md5sum ===> d24c93875745ec3d2053e287bfcef7ba
Code: [Select]
hxxp://lsdqlmoezehnivn.org/news/?s=136357
hxxp://ntstuovussurej.com/news/?s=136357
hxxp://193.178.172.77/news/?s=136357
md5sum ===> eca48ad954faef3a8bf2c5ef7d534f2e
Code: [Select]
hxxp://lsdqlmoezehnivn.org/news/?s=6225
hxxp://lsdqlmoezehnivn.org/news/?s=6225
hxxp://193.178.172.77/news/?s=6225
md5sum ===> fb3c19442971a5e1270dca64b7ececfc
http://www.virustotal.com/file-scan/report.html?id=b33bc3c851a88eb1f72a8d94903d8441b3136db593d5097e99a8762aa4a632a7-1293006181 (http://www.virustotal.com/file-scan/report.html?id=b33bc3c851a88eb1f72a8d94903d8441b3136db593d5097e99a8762aa4a632a7-1293006181)
VT 22/43 (51.2%)
Title: Re: New files for Zeus servers
Post by: jackberri on December 22, 2010, 12:49:59 pm
Code: [Select]
hxxp://fsdm.net/sx881/gta77.exe
md5sum ===> 9bd6284ac3976b59796bfd8f06d87011
http://www.virustotal.com/file-scan/report.html?id=9c2efd6be7d822b9d3071a96651665b736d8d0b181c41316433b58215adde348-1293021690 (http://www.virustotal.com/file-scan/report.html?id=9c2efd6be7d822b9d3071a96651665b736d8d0b181c41316433b58215adde348-1293021690)
VT 8/43 (18.6%)
Code: [Select]
hxxp://dpxp.net/zxt727.php
Title: Re: New files for Zeus servers
Post by: jackberri on December 31, 2010, 12:51:22 pm
IP Location: Romania - SA-NOVA-TELECOM-GRUP-SRL
IP  188.229.90.158
AS49469
ns3.cnmsn.com
ns4.cnmsn.com
Registrant/Email Registrant: Whois Privacy Protection Service/huilpaukul@whoisservices.cn
Code: [Select]
hxxp://candiayadservices.com/all/all.bin
md5sum ===> 44f720bd3178bb03501aece305778538
Code: [Select]
hxxp://candiayadservices.com/all/all.exe
md5sum ===> ccdffe66084ecb4902f2bdc084f2fc9c
http://www.virustotal.com/file-scan/report.html?id=f60d0c8a8c5e0459a95320731cf6ac5440e7875380f637479320bebfc7049d8f-1293799392 (http://www.virustotal.com/file-scan/report.html?id=f60d0c8a8c5e0459a95320731cf6ac5440e7875380f637479320bebfc7049d8f-1293799392)
VT 8/43 (18.6%)
Title: Re: New files for Zeus servers
Post by: jackberri on December 31, 2010, 05:54:39 pm
Code: [Select]
hxxp://suba555.com/gold/load/cfg2.bin
md5sum ===> c298613a985728671740ed3021b6ecc8
Title: Re: New files for Zeus servers
Post by: jackberri on January 10, 2011, 07:48:11 am
Code: [Select]
hxxp://forum.worldwideplasticsforum.com/forum/image2.jpg
md5sum ===> 3045fd5bd59c01d8e5a91f514e8e9262
Code: [Select]
hxxp://forum.worldwideplasticsforum.com/forum/post.asp
Title: Re: New files for Zeus servers
Post by: jackberri on January 11, 2011, 11:19:44 pm
Code: [Select]
hxxp://flashspan.net/vvx2222/xxzz.jpg
md5sum ===> 876f8acf9a6ae465c4728e62a485c0d8

Code: [Select]
hxxp://nolif3-clan.org/ishigo/sama.php
hxxp://nolif3-clan.org/ishigo/index.php
hxxp://nolif3-clan.org/ishigo/index.php?b=b&v=test
Title: Re: New files for Zeus servers
Post by: jackberri on January 19, 2011, 03:48:11 pm
new md5sum
Code: [Select]
hxxp://elliota.com/sas/crdqargrxn8.exe
md5sum ===> e2ac5ab3a6d80b7a8194f3a72066fbba
http://www.virustotal.com/file-scan/report.html?id=98579a3c3fca795347ecba4e0029c08b67289ee8271e37a43fd1a87427b51afb-1295451827 (http://www.virustotal.com/file-scan/report.html?id=98579a3c3fca795347ecba4e0029c08b67289ee8271e37a43fd1a87427b51afb-1295451827)
VT 15/43 (34.9%)
Title: Re: New files for Zeus servers
Post by: jackberri on January 22, 2011, 11:01:43 am
Code: [Select]
hxxp://ustunoto.com.tr/FLA/Default2.fla
md5sum ===> b04ee0dd31de6d86904de0a08d1a54ca
Code: [Select]
hxxp://ustunoto.com.tr/data/set.php
Title: Re: New files for Zeus servers
Post by: jackberri on January 24, 2011, 04:08:52 pm
Code: [Select]
hxxp://microsupdates.com/_crfsz/crzp3
md5sum ===> d37cf8631a68a1a650f063b4200c9454
Code: [Select]
hxxp://microsupdates.com/_crfsz/crzp3.exe
md5sum ===> e2f69ca7a04f6efb79f3bb9c4c428a89
http://www.virustotal.com/file-scan/report.html?id=b1cf2ce76469c429a378d26df2327d0a0336a55146627bc604a29b6207d09fbc-1295884658 (http://www.virustotal.com/file-scan/report.html?id=b1cf2ce76469c429a378d26df2327d0a0336a55146627bc604a29b6207d09fbc-1295884658)
VT 22/42 (52.4%)
Code: [Select]
hxxp://microsupdates.com/_crfsz/crzp3
Title: Re: New files for Zeus servers
Post by: jackberri on February 02, 2011, 06:00:54 pm
Code: [Select]
hxxp://microsupdates.com/_crfsz/crzpsuk
md5sum ===> 7cacae19eed6a5cb28db2c2916a5d140
Code: [Select]
hxxp://microsupdates.com/_crfsz/crzpsuk.exe
md5sum ===> 24b77a35182885498908ad1dac8be183
http://www.virustotal.com/file-scan/report.html?id=26ac3ac86d4ee595263fcd1b1ffa17813c208695058260a0ab0ac7ae98b89c51-1296669264 (http://www.virustotal.com/file-scan/report.html?id=26ac3ac86d4ee595263fcd1b1ffa17813c208695058260a0ab0ac7ae98b89c51-1296669264)
VT 14/42 (33.3%)
Title: Re: New files for Zeus servers
Post by: jackberri on February 03, 2011, 09:06:50 am
Code: [Select]
hxxp://oneboy.ru/de.cpm
md5sum ===> 9ecfa5f1e91d9e851fa9c0ec82225794
Code: [Select]
hxxp://oneboy.ru/de.exe
md5sum ===> 0f7d581dfa08f3b981eebbf0f785b3f3
http://www.virustotal.com/file-scan/report.html?id=43a96a20e378596340b449a8ce389b2691851a6c3ac839891f33d9e4dd928fd0-1296722165 (http://www.virustotal.com/file-scan/report.html?id=43a96a20e378596340b449a8ce389b2691851a6c3ac839891f33d9e4dd928fd0-1296722165)
VT 4/43 (9.3%)
Title: Re: New files for Zeus servers
Post by: jackberri on February 03, 2011, 09:54:59 am
Code: [Select]
hxxp://fastgoal.ru/de.cpm
md5sum ===> 9ecfa5f1e91d9e851fa9c0ec82225794
Code: [Select]
hxxp://fastgoal.ru/au.cpm
hxxp://fastgoal.ru/22oct_bir.cpm
hxxp://fastgoal.ru/22oct_ic3.cpm
hxxp://fastgoal.ru/22oct_pac.cpm
hxxp://fastgoal.ru/22oct_dmi.cpm
hxxp://fastgoal.ru/22oct_den.cpm
hxxp://fastgoal.ru/14oct_usa.cpm
md5sum ===> bd25942f77779476a2e77c710c0cf518
Code: [Select]
hxxp://fastgoal.ru/de.exe
md5sum ===> 0f7d581dfa08f3b981eebbf0f785b3f3
http://www.virustotal.com/file-scan/report.html?id=43a96a20e378596340b449a8ce389b2691851a6c3ac839891f33d9e4dd928fd0-1296726440 (http://www.virustotal.com/file-scan/report.html?id=43a96a20e378596340b449a8ce389b2691851a6c3ac839891f33d9e4dd928fd0-1296726440)
VT 5/43 (11.6%)
Code: [Select]
hxxp://fastgoal.ru/au.exe
md5sum ===> a30f7446024ad8aea2b0be6f6f6b2598
http://www.virustotal.com/file-scan/report.html?id=f8e1fa6a790117c5d699c0b633dc439d5697cb4b5eabbdfeaedc3e419f9bd029-1296726429 (http://www.virustotal.com/file-scan/report.html?id=f8e1fa6a790117c5d699c0b633dc439d5697cb4b5eabbdfeaedc3e419f9bd029-1296726429)
VT 37/43 (86.0%)
Code: [Select]
hxxp://fastgoal.ru/22oct_bir.exe
md5sum ===> f508e43496c078f71953487232c3ac73
http://www.virustotal.com/file-scan/report.html?id=50663abc87834f967231b886344546cc870b0ed54fffbec1b0f7936a53e8b14e-1296726293 (http://www.virustotal.com/file-scan/report.html?id=50663abc87834f967231b886344546cc870b0ed54fffbec1b0f7936a53e8b14e-1296726293)
VT 34/43 (79.1%)
Code: [Select]
hxxp://fastgoal.ru/22oct_ic3.exe
md5sum ===> ee68283c0c8494c322c8f6d41aa4e8d6
http://www.virustotal.com/file-scan/report.html?id=ef70f2a7fc9c987e9d1420f12dcc83899e822cf68f86a4f6006e4553faa7c9d2-1296726211 (http://www.virustotal.com/file-scan/report.html?id=ef70f2a7fc9c987e9d1420f12dcc83899e822cf68f86a4f6006e4553faa7c9d2-1296726211)
VT 39/42 (92.9%)
Code: [Select]
hxxp://fastgoal.ru/22oct_pac.exe
md5sum ===> eefbe4c73a25a44bcc0d5df146b13fce
http://www.virustotal.com/file-scan/report.html?id=b68072cc74f356106fc638ce0d912a1fe4f6573da26336e80aabea89cbebca2c-1296726080 (http://www.virustotal.com/file-scan/report.html?id=b68072cc74f356106fc638ce0d912a1fe4f6573da26336e80aabea89cbebca2c-1296726080)
VT 41/43 (95.3%)
Code: [Select]
hxxp://fastgoal.ru/22oct_dmi.exe
md5sum ===> add058a4f13c3b5f2a97ecc80933cfff
http://www.virustotal.com/file-scan/report.html?id=6266922df8b6574a0e6c4a8049e691fbc86673764c908f107eb479dacc485a4a-1296725929 (http://www.virustotal.com/file-scan/report.html?id=6266922df8b6574a0e6c4a8049e691fbc86673764c908f107eb479dacc485a4a-1296725929)
VT 42/43 (97.7%)
Code: [Select]
hxxp://fastgoal.ru/22oct_den.exe
md5sum ===> 16f092ac72fa89def619e7e45c1b023d
http://www.virustotal.com/file-scan/report.html?id=1c5731ed76ec501dd41504269d56b1b374163de3c48626c5205f02b8e728fc39-1296725799 (http://www.virustotal.com/file-scan/report.html?id=1c5731ed76ec501dd41504269d56b1b374163de3c48626c5205f02b8e728fc39-1296725799)
VT 34/43 (79.1%)
Code: [Select]
hxxp://fastgoal.ru/14oct_usa.exe
md5sum ===> 70734b55ab2fe874e44706be389dc77b
http://www.virustotal.com/file-scan/report.html?id=c3a0d72b6c2d1d885117685d0548d976a00e7a5b9efb6c30e0edd8cd16431960-1296725580 (http://www.virustotal.com/file-scan/report.html?id=c3a0d72b6c2d1d885117685d0548d976a00e7a5b9efb6c30e0edd8cd16431960-1296725580)
VT 42/43 (97.7%)
Title: Re: New files for Zeus servers
Post by: jackberri on February 13, 2011, 08:32:31 am
updated trojan:
Code: [Select]
hxxp://hotupdate.ru/yUPHexefru7ruqABEw7t/FrlA9r.exe
md5sum ===> fb818f7e0c8c772178bca8e2dfcbd975
http://www.virustotal.com/file-scan/report.html?id=696299e76e15d6e1e9ec9497e8f2c11c5d19787d1ce17d9a9e4927aee2245498-1297541617 (http://www.virustotal.com/file-scan/report.html?id=696299e76e15d6e1e9ec9497e8f2c11c5d19787d1ce17d9a9e4927aee2245498-1297541617)
VT 10/43 (23.3%)
Title: Re: New files for Zeus servers
Post by: jackberri on February 14, 2011, 08:06:56 am
updated trojan:
Code: [Select]
hxxp://hotupdate.ru/yUPHexefru7ruqABEw7t/FrlA9r.exe
md5sum ===> ebf9d306f5c7311d1d2a3826085566f7
http://www.virustotal.com/file-scan/report.html?id=5963bf335d63d4950754cd429576547527cfe9b5ce21407b529a228302043cc8-1297670505 (http://www.virustotal.com/file-scan/report.html?id=5963bf335d63d4950754cd429576547527cfe9b5ce21407b529a228302043cc8-1297670505)
VT 6/41 (14.6%)
Title: Re: New files for Zeus servers
Post by: jackberri on February 15, 2011, 11:46:38 am
Code: [Select]
hxxp://hotupdate.ru/yUPHexefru7ruqABEw7t/FrlA9r.exe
md5sum ===> 24b8a8d2fb5ea637a74fa598d46d79dc
http://www.virustotal.com/file-scan/report.html?id=28fb1a92266fc1caa823c615daa703023e6475a5a73b26916b8b56501bc9d196-1297769916 (http://www.virustotal.com/file-scan/report.html?id=28fb1a92266fc1caa823c615daa703023e6475a5a73b26916b8b56501bc9d196-1297769916)
VT 5/43 (11.6%)
Title: Re: New files for Zeus servers
Post by: jackberri on February 15, 2011, 07:27:10 pm
updated trojan:
Code: [Select]
hxxp://hotupdate.ru/yUPHexefru7ruqABEw7t/FrlA9r.exe
md5sum ===> 9f6cb203dff9df6aa5ccfdebdbb9c794
http://www.virustotal.com/file-scan/report.html?id=5b9e94b2919d8de58a9cb3ae466139406ed4d64c4c2469628575e6a78e9b70d1-1297797720 (http://www.virustotal.com/file-scan/report.html?id=5b9e94b2919d8de58a9cb3ae466139406ed4d64c4c2469628575e6a78e9b70d1-1297797720)
VT 2/43 (4.7%)
Title: Re: New files for Zeus servers
Post by: jackberri on February 17, 2011, 08:26:07 am
Code: [Select]
hxxp://iu7nq6br5w.com/k45hjh354234h/2354k2j34hk23hg4.exe
md5sum ===> 89f66908b4f76486dfef2507cf768e94
http://www.virustotal.com/file-scan/report.html?id=11d60c2ad400274922d1291bf81430d92a970f2f435945c99759a8902d6455ec-1297930754 (http://www.virustotal.com/file-scan/report.html?id=11d60c2ad400274922d1291bf81430d92a970f2f435945c99759a8902d6455ec-1297930754)
VT 17/43 (39.5%)
Title: Re: New files for Zeus servers
Post by: jackberri on March 01, 2011, 10:11:03 pm
Code: [Select]
http://token.128pro.net/cat.exe                 md5sum ===> 53fd3a5113e15b61383736c63cc0ccc0
http://www.virustotal.com/file-scan/report.html?id=ccf40974428c4e5826c4cefb56dcfb617224afd2480522fb5f8625d5039492b7-1299017093 (http://www.virustotal.com/file-scan/report.html?id=ccf40974428c4e5826c4cefb56dcfb617224afd2480522fb5f8625d5039492b7-1299017093)
VT 13/43 (30.2%)
Title: Re: New files for Zeus servers
Post by: jackberri on March 07, 2011, 09:58:05 pm
Code: [Select]
http://bigupdates.ru/STo84RIUqiArouklU9/14iAcR.exe               md5sum ===> 0a769c0c73d4b13bd96c5e2f70759858
http://bigupdates.ru/STo84RIUqiArouklU9/mLacrouyo4s8lan.php
http://www.virustotal.com/file-scan/report.html?id=89e6a997ba18812f723d4c623bff2a77647bcf0d07dacf0282814928f481f711-1299534580 (http://www.virustotal.com/file-scan/report.html?id=89e6a997ba18812f723d4c623bff2a77647bcf0d07dacf0282814928f481f711-1299534580)
VT 10/43 (23.3%)
Title: Re: New files for Zeus servers
Post by: jackberri on March 09, 2011, 07:37:02 pm
IP Location:  Azerbaijan - ADaNet-AS
AS15621         
Code: [Select]
http://109.127.8.242/ar.exe                        md5sum ===> 4382c10d1c0e0566d835cc909207139d
http://www.virustotal.com/file-scan/report.html?id=4a1b4959054005da9bc586921653094b7761e2bacd60dc2f4b9896333d7039f2-1299698709 (http://www.virustotal.com/file-scan/report.html?id=4a1b4959054005da9bc586921653094b7761e2bacd60dc2f4b9896333d7039f2-1299698709)
VT 22/43 (51.2%)
Title: Re: New files for Zeus servers
Post by: jackberri on March 12, 2011, 08:09:29 pm
IP Location:  Germany - NETDIRECT Leaseweb Germany GmbH
IP 188.72.230.232
AS28753
Name Server: ns1.iplatforma2020.ru. 188.72.230.232  ns2.iplatforma2020.ru. 78.159.122.22
Registrant/Email Registrant: Private Person/promo@iplatforma2020.ru           
Code: [Select]
http://iplatforma2020.ru/wp-g/svo.bin               md5sum ===> a6d14a22edfa7bdc3d981c92cc412d3e
http://iplatforma2020.ru/wp-g/svo.php

IP Location:  France - IKOULA Net SAS
IP 213.246.42.87
[25156hd42087.ikexpress.com]
AS21409
Code: [Select]
http://alpine-investments.com/zs/spencer1.bin               md5sum ===> f89d7591a43d532852ddc7e507e349b9
IP Location:  United States - PAH-INC Go Daddy Software, Inc.
IP 97.74.144.147
[p3nlh147.shr.prod.phx3.secureserver.net]
AS26496
Name Server: NS2.POWWEB.COM  NS1.POWWEB.COM
Registrant/Email Registrant: Contactprivacy.com/meesheephotography.com@contactprivacy.com           
Code: [Select]
meesheephotography.com/blog/wp-admin/blog-wp/config.bin               md5sum ===> 03b81cf65419ddd888359ff3eeffe9e5
http://meesheephotography.com/blog/wp-admin/blog-wp/gate.php

IP Location:  Ukraine - UKRTELNET JSC UKRTELECOM
IP 195.64.184.61
[web29.ukraine.com.ua]
AS6849
Name Server: ns1.ukraine.com.ua  ns2.ukraine.com.ua  ns3.ukraine.com.ua         
Code: [Select]
http://exp.exetsoft.org.ua/cfg2.bin               md5sum ===> 41b5f7183b5215e56137fab1202e8928
http://exp.exetsoft.org.ua/exe.exe                        md5sum ===> 4d592f466f256e32967e56e5611a309e
http://exp.exetsoft.org.ua/gate.php
http://www.virustotal.com/file-scan/report.html?id=83791e8d27edcfce84fde89e5ab163d61a8b07b1e0602a0e32f24ab66a21e18e-1299959645 (http://www.virustotal.com/file-scan/report.html?id=83791e8d27edcfce84fde89e5ab163d61a8b07b1e0602a0e32f24ab66a21e18e-1299959645)
VT 32/43 (74.4%)

related zeusbotnet malware:
Code: [Select]
http://195.80.151.194/jjnb4.exe         md5sum ===> 7dc0c2fcbde2a1eaf7e6892ae1d4ff60
http://www.virustotal.com/file-scan/report.html?id=2fdc6386754892442232f8b369e7316aca2c1d47c4ebca250efaf61c0c4dea3a-1299959768 (http://www.virustotal.com/file-scan/report.html?id=2fdc6386754892442232f8b369e7316aca2c1d47c4ebca250efaf61c0c4dea3a-1299959768)
VT 29/43 (67.4%)

Code: [Select]
http://91.212.135.158/svhost.exe         md5sum ===> a91f2dc1019d2f4aac09c19025e06087
http://www.virustotal.com/file-scan/report.html?id=1b7b35ee1b58f99e654a6597cf487a663a3026f030f1b540c472724331003390-1299960107 (http://www.virustotal.com/file-scan/report.html?id=1b7b35ee1b58f99e654a6597cf487a663a3026f030f1b540c472724331003390-1299960107)
VT 18/43 (41.9%)
Title: Re: New files for Zeus servers
Post by: jackberri on March 14, 2011, 11:48:52 am
Code: [Select]
http://vdir.kz/zlu/zog.exe         md5sum ===> 27ccad25e196d6c3cfd5ae0d0740969d
http://www.virustotal.com/file-scan/report.html?id=50727b76fb9b1300ae2d0c057b143b314b96e8ffbc58b27ba228e6672e75d33c-1300090891 (http://www.virustotal.com/file-scan/report.html?id=50727b76fb9b1300ae2d0c057b143b314b96e8ffbc58b27ba228e6672e75d33c-1300090891)
VT 38/43 (88.4%)
Title: Re: New files for Zeus servers
Post by: jackberri on March 27, 2011, 04:29:38 pm
zeus trojan updated
Code: [Select]
http://sorry.kz/stats/adobe.exe                 md5sum ===> 0614f16c93c1a0a5859161bc48ba826d
http://www.virustotal.com/file-scan/report.html?id=2cdb66e3c609276b57b1255306769dd5c2bf72b924033301456454960e9497fe-1301243120 (http://www.virustotal.com/file-scan/report.html?id=2cdb66e3c609276b57b1255306769dd5c2bf72b924033301456454960e9497fe-1301243120)
VT 24/43 (55.8%)
Title: Re: New files for Zeus servers
Post by: jackberri on March 31, 2011, 11:41:52 am
IP Location: Romania - RDSNET RCS & RDS S.A
AS8708
Code: [Select]
http://193.16.213.135/news/?s=27846  md5sum ===> 4777d530f76bd2070b810044a06d9f96
http://lnmslowohldorgvp.info/news/?s=27846  md5sum ===> 4777d530f76bd2070b810044a06d9f96
http://mrmdlomowlrpsxj.com/news/?s=27846  md5sum ===> 4777d530f76bd2070b810044a06d9f96
http://pliskmkoomlprvr.info/news/?s=27846  md5sum ===> 4777d530f76bd2070b810044a06d9f96
http://193.16.213.135/news/?s=6225  md5sum ===> c948d3451644c163623da2f54e2a901e
http://lnmslowohldorgvp.info/news/?s=6225  md5sum ===> c948d3451644c163623da2f54e2a901e
http://mrmdlomowlrpsxj.com/news/?s=6225  md5sum ===> c948d3451644c163623da2f54e2a901e
http://pliskmkoomlprvr.info/news/?s=6225  md5sum ===> c948d3451644c163623da2f54e2a901e
Title: Re: New files for Zeus servers
Post by: jackberri on April 03, 2011, 07:11:28 pm
IP Location:  United States - THEPLANET-AS2
IP 174.120.5.94
[5e.5.78ae.static.theplanet.com]
AS21844
Name Server: NS2.CANCRIWEB.COM  NS1.CANCRIWEB.COM
Registrant/Email Registrant: Cancri Technologies Private Limited/support@cancriweb.com
Code: [Select]
http://nandhotels.com/images/china.exe                    md5sum ===> 0663cc9f0ca65923a7acaad40ad0bf95
http://www.virustotal.com/file-scan/report.html?id=e3869d9cc2f8f91632601caefc81f32f6dce44380a6d94a1ce741f06a0e27284-1301857068 (http://www.virustotal.com/file-scan/report.html?id=e3869d9cc2f8f91632601caefc81f32f6dce44380a6d94a1ce741f06a0e27284-1301857068)
VT 5/40 (12.5%)   
related (already listed)
Code: [Select]
http://ellensinteriors.net/images/gallery/gallery34.jpg                 md5sum ===> 816af358367cc2b9ee90a65a1e42d632
Title: Re: New files for Zeus servers
Post by: jackberri on April 29, 2011, 10:44:32 pm
Code: [Select]
http://bloggersdays.com/1/cfg.bin           md5sum ===> 91e2a3ec688d08e03fe8814cab33fa93             
http://bloggersdays.com/1/ldr.exe           md5sum ===> 54c5bf08dee41f19d9fe0b4331c69520
http://www.virustotal.com/file-scan/report.html?id=79d83f7de39904940275a41839bcf6c8bb05c7315876b14970d9d8150ec1bc6f-1304116652 (http://www.virustotal.com/file-scan/report.html?id=79d83f7de39904940275a41839bcf6c8bb05c7315876b14970d9d8150ec1bc6f-1304116652)
VT 33/41 (80.5%)
Title: Re: New files for Zeus servers
Post by: jackberri on April 30, 2011, 07:37:56 am
Code: [Select]
http://vastcoins.ru/iosindior.bin           md5sum ===> b9e506a1bf8d98d40627a4260d4330cd
Title: Re: New files for Zeus servers
Post by: jackberri on May 01, 2011, 06:09:20 pm
IP Location:  Russian Federation - RISS-AS JSC "RISS-Telecom" Network Novosibirsk
IP 80.66.67.230
[mx.sibiriada.nov.net]
AS20803
Name Server: NS1.FINANCIALPOET.COM | NS2.FINANCIALPOET.COM
Registrant/Email Registrant: Irnest Billb/admin@jetsetflysystems.asia
Code: [Select]
http://jetsetflysystems.asia/tpr11.img           md5sum ===> 67f09d3a5e1b59c56a22b3e2104a42fa
Code: [Select]
http://igif.co.tv/sf/s.php
Title: Re: New files for Zeus servers
Post by: jackberri on May 04, 2011, 06:52:10 pm
Code: [Select]
http://vseponovoy.cc.im/zcontent/catalog/bin/upload/zip.exe                   md5sum ===> c451ce02a7adb4bab3d5c6185be7d5d7
http://vseponovoy.cc.im/zcontent/catalog/bin/upload/zip1.exe                  md5sum ===> c451ce02a7adb4bab3d5c6185be7d5d7
http://www.virustotal.com/file-scan/report.html?id=952ff332e74b9465cc8db296d4886982afee7b3ab45f80b7d49dc9b4964c3d5d-1304533577 (http://www.virustotal.com/file-scan/report.html?id=952ff332e74b9465cc8db296d4886982afee7b3ab45f80b7d49dc9b4964c3d5d-1304533577)
VT 27/41 (65.9%)
Title: Re: New files for Zeus servers
Post by: jackberri on May 07, 2011, 02:56:19 pm
zeus trojan updated
Code: [Select]
http://tuk.kz/webpage/pdf.exe           md5sum ===> ecdfecbae1bcc256fce0494f04afc974
https://www.virustotal.com/file-scan/report.html?id=5859f961f95add784a76bd7eb1389fff4809287fb2ea1eb1f828e92fb79f924a-1304779390 (https://www.virustotal.com/file-scan/report.html?id=5859f961f95add784a76bd7eb1389fff4809287fb2ea1eb1f828e92fb79f924a-1304779390)
VT 1/42 (2.4%)
Title: Re: New files for Zeus servers
Post by: jackberri on May 08, 2011, 03:26:42 pm
IP Location: United States - BIZLAND-ASN Endurance International Group, Inc.
IP 72.22.88.131
[vz17.securehostserver.com]
AS29873
Name Server: dns2.registrar-servers.com | dns1.registrar-servers.com | dns4.registrar-servers.com | dns5.registrar-servers.com | dns3.registrar-servers.com
Registrant/Email Registrant: Aurelia  Michael/anunarudatewa@yahoo.com
Code: [Select]
http://72.22.88.131/news/?s=27846  md5sum ===> b7aa1f03f52a03fbaf5ad7cc4a2889cb
http://nlxpwojfyclqttu.biz/news/?s=27846  md5sum ===> b7aa1f03f52a03fbaf5ad7cc4a2889cb
http://72.22.88.131/news/?s=6225  md5sum ===> 1975d5cb42897c754e7917802ec0c2b7
http://nlxpwojfyclqttu.biz/news/?s=6225  md5sum ===> 1975d5cb42897c754e7917802ec0c2b7



IP Location: United States - BIZLAND-ASN Endurance International Group, Inc.
IP 72.22.88.132
[vz17.securehostserver.com]
AS29873
Name Server: dns2.registrar-servers.com | dns1.registrar-servers.com | dns4.registrar-servers.com | dns5.registrar-servers.com | dns3.registrar-servers.com
Registrant/Email Registrant: Rebecca  Goggans/ronuxewedequluq@yahoo.com
Registrant/Email Registrant: Steven  Hahn/ikinybyvetudufy@yahoo.com
Code: [Select]
http://72.22.88.132/news/?s=27846  md5sum ===> 1975d5cb42897c754e7917802ec0c2b7
http://lemeenqtmholqusj.biz/news/?s=27846  md5sum ===> 1975d5cb42897c754e7917802ec0c2b7
http://qwnjouixsft.info/news/?s=27846  md5sum ===> 1975d5cb42897c754e7917802ec0c2b7
http://72.22.88.132/news/?s=6225  md5sum ===> 58d20957b450ecc9520c315cfb604da5
http://lemeenqtmholqusj.biz/news/?s=6225  md5sum ===> 58d20957b450ecc9520c315cfb604da5
http://qwnjouixsft.info/news/?s=6225  md5sum ===> 58d20957b450ecc9520c315cfb604da5
Title: Re: New files for Zeus servers
Post by: jackberri on May 08, 2011, 07:09:54 pm
zeus trojan updated
Code: [Select]
http://obectloopotads.com/dez/dez.exe                   md5sum ===> 0e52f6df95a45ac6e954a349ebb78684
http://www.virustotal.com/file-scan/report.html?id=892761e2dc6666827f0c1eb733375b19a1320cf6ebc65acf2b89d8d97483d26b-1304881493 (http://www.virustotal.com/file-scan/report.html?id=892761e2dc6666827f0c1eb733375b19a1320cf6ebc65acf2b89d8d97483d26b-1304881493)
VT 27/42 (45.2%)
Title: Re: New files for Zeus servers
Post by: jackberri on May 09, 2011, 11:55:14 am
zeus trojan updated
Code: [Select]
http://tuk.kz/webpage/pdf.exe           md5sum ===> 77bcfd97cffe2585a1063ba86e94f4f4
http://www.virustotal.com/file-scan/report.html?id=3f3dcb981de4e0fdeb19484b114087459df54bac5c4e647181550792f5115a8c-1304941521 (http://www.virustotal.com/file-scan/report.html?id=3f3dcb981de4e0fdeb19484b114087459df54bac5c4e647181550792f5115a8c-1304941521)
VT 12/41 (29.3%)
Title: Re: New files for Zeus servers
Post by: jackberri on May 10, 2011, 03:59:16 pm
Code: [Select]
http://kolddozood.com/tmp3.bin           md5sum ===> e61ab6f535031c9350ebe5792f3a2a6c
Title: Re: New files for Zeus servers
Post by: jackberri on May 12, 2011, 12:05:24 pm
zeus trojan updated
Code: [Select]
http://tuk.kz/webpage/pdf.exe                   md5sum ===> a330831cc3d933f6a04cb6bd25b122bc
http://www.virustotal.com/file-scan/report.html?id=8d9fc9256246d847f133281a9c17e60fe72227bc4d800dd0955b8758ee7aff1f-1305096870 (http://www.virustotal.com/file-scan/report.html?id=8d9fc9256246d847f133281a9c17e60fe72227bc4d800dd0955b8758ee7aff1f-1305096870)
VT 6/42 (14.3%) 
Title: Re: New files for Zeus servers
Post by: jackberri on May 13, 2011, 12:16:28 pm
Code: [Select]
http://beakro.com/Sashok/server[php]/config.bin           md5sum ===> fc5bdf7ebb509410eec894d617652690
Title: Re: New files for Zeus servers
Post by: jackberri on May 13, 2011, 12:27:54 pm
zeus trojan updated
Code: [Select]
http://tuk.kz/webpage/pdf.exe         md5sum ===> 239e08871cf5d604ba38c40dff4b6a85
http://www.virustotal.com/file-scan/report.html?id=6e22f3af34733266ec6fcf22268b866ba954d76d9cf64dc047ef19c27563ba61-1305288950 (http://www.virustotal.com/file-scan/report.html?id=6e22f3af34733266ec6fcf22268b866ba954d76d9cf64dc047ef19c27563ba61-1305288950)
VT 4/41 (9.8%)
Title: Re: New files for Zeus servers
Post by: jackberri on May 22, 2011, 11:31:54 pm
Code: [Select]
http://122.224.18.36/update.exe         md5sum ===> 93e63ce88f8e4830cb83f7c3cf40cbf4
http://www.virustotal.com/file-scan/report.html?id=fbd3f365f48958e15c1e43052f77346e2b4d5d036056498b3e6129a459b0b95e-1306106348 (http://www.virustotal.com/file-scan/report.html?id=fbd3f365f48958e15c1e43052f77346e2b4d5d036056498b3e6129a459b0b95e-1306106348)
VT 33/42 (78.6%)
Title: Re: New files for Zeus servers
Post by: jackberri on May 28, 2011, 03:20:06 pm
Code: [Select]
http://faint.ir/bat/un.bin          md5sum ===> 34e4a727e9f2958c3975bfa494eb4fb6
http://faint.ir/bat/gol.php
Title: Re: New files for Zeus servers
Post by: jackberri on May 30, 2011, 11:23:05 am
Code: [Select]
http://underfeet.ru/franklin2.bin   md5sum ===> 2c56264ea130fd9c581e36b73cfffb40
Title: Re: New files for Zeus servers
Post by: jackberri on May 30, 2011, 09:53:29 pm
updated zeus trojan

Code: [Select]
http://wurplemancerz.com/gud/chu.exe          md5sum ===> f5880321d5a51ddb6e1928ff33769e28
http://bitschoonerop.com/gud/chu.exe          md5sum ===> f5880321d5a51ddb6e1928ff33769e28
         
http://www.virustotal.com/file-scan/report.html?id=b777298dcddcfeffd81744b063f03e8afe36848be6c938ebb67f24afe0f762a0-1306791371 (http://www.virustotal.com/file-scan/report.html?id=b777298dcddcfeffd81744b063f03e8afe36848be6c938ebb67f24afe0f762a0-1306791371)
VT 3/42 (7.1%)
Title: Re: New files for Zeus servers
Post by: jackberri on June 01, 2011, 07:32:28 pm
Code: [Select]
http://centrimedicitoscani.it/ind.pdf          md5sum ===> e7b61462268593416252b7313b272a0c
Title: Re: New files for Zeus servers
Post by: jackberri on September 28, 2011, 11:58:59 am
IP Location: United States - New Dream Network -- Garland Data Center DREAMHOST-AS
IP 75.119.216.181
[ps29164.dreamhost.com]
AS26347
Name Server: ns1.dreamhost.com | ns2.dreamhost.com | ns3.dreamhost.com
Registrant/Email Registrant: kamyoo.com Private Registrant/kamyoo.com@proxy.dreamhost.com
Code: [Select]
http://blog.kamyoo.com/wp-includes/pomo/list.php
related (already listed):
Code: [Select]
http://pharmasurestore.com/data/designImages/MAIN_DESIGN_1295039729.jpg
Title: Re: New files for Zeus servers
Post by: jackberri on October 04, 2011, 03:20:43 pm
Code: [Select]
hxxp://pharmasurestore.com/include/config.php
Title: Re: New files for Zeus servers
Post by: jackberri on October 08, 2011, 08:32:50 am
Code: [Select]
hxxp://fabsnot.ru/search/baby2011.php
Title: Re: New files for Zeus servers
Post by: jackberri on October 08, 2011, 04:31:05 pm
New md5sum:
Code: [Select]
hxxp://fabsnot.ru/search/old02ziu.bin  md5sum ===> 33a15f19c3c96edfe9370ef9e113aab5
Title: Re: New files for Zeus servers
Post by: jackberri on October 09, 2011, 11:45:33 am
Code: [Select]
hxxp://ek-kessons.co.cc/dirctory/schools/prep/obonzy-bot.exe         md5sum ===> dd20c8ba739b02485387d45f6fbb9681
http://www.virustotal.com/file-scan/report.html?id=d25111c5c1b2b00a7795f22857e41fd9932db22cbff91c4f7c0f511f0d0ceaa0-1318159771 (http://www.virustotal.com/file-scan/report.html?id=d25111c5c1b2b00a7795f22857e41fd9932db22cbff91c4f7c0f511f0d0ceaa0-1318159771)
VT 16/43 (37.2%)
Title: Re: New files for Zeus servers
Post by: jackberri on October 15, 2011, 03:04:20 pm
IP Location: Russian Federation - GRDS-AS
IP 91.228.133.75
AS56878
Name Server: ns3.cnmsn.com | ns4.cnmsn.com
Registrant/Email Registrant: Eric Krowsz/EricK@hotmail.com
Registrant/Email Registrant: Donald Efristing/denf@hotmail.com
Code: [Select]
hxxp://shoping-cards.com/cfg/bss.bin      md5sum ===> 57aa88c282d78f4a599f149e17491cb0
hxxp://inspector-gadgets.com/cfg/bss.bin  md5sum ===> 57aa88c282d78f4a599f149e17491cb0
hxxp://ownership-online.com/cfg/bss.bin   md5sum ===> 57aa88c282d78f4a599f149e17491cb0
hxxp://91.221.98.31/531-01.exe            md5sum ===> c6b2ea802a8fe22ebe3904d34dd75db1
related:
Code: [Select]
hxxp://tindsator.com/404.php?type=stats&affid=531&subid=01&awok
http://www.virustotal.com/file-scan/report.html?id=9f3e0a7d1930e09279b73eebd4b4e39780a4018f25e1c8f29218be45f16bf9bc-1318688760 (http://www.virustotal.com/file-scan/report.html?id=9f3e0a7d1930e09279b73eebd4b4e39780a4018f25e1c8f29218be45f16bf9bc-1318688760)
VT 8/43 (18.6%)
Title: Re: New files for Zeus servers
Post by: jackberri on October 16, 2011, 03:40:03 pm
IP Location: Russian Federation - Lomonosov - Cjsc Masterhost
IP 90.156.201.63
IP 90.156.201.106
[fe.shared.masterhost.ru]
AS25532
Name Server: ns.masterhost.ru | ns1.masterhost.ru | ns2.masterhost.ru
Registrant/Email Registrant: Private Person/yakovdima@gmail.com
Code: [Select]
hxxp://www.relax-tropicana.ru/modules/mod_stats/tmpl/im.exe  md5sum ===> 8adc5e35f4e2dc15e22156322cc7eb4b
hxxp://relax-tropicana.ru/modules/mod_stats/tmpl/im.exe      md5sum ===> 8adc5e35f4e2dc15e22156322cc7eb4b
Title: Re: New files for Zeus servers
Post by: jackberri on October 17, 2011, 07:57:10 pm
related with:
Code: [Select]
hxxp://gorycup.ru/search/newfile11.bin
IP Location: Indonesia - ARDH-AS-ID   
IP 124.158.158.135
AS24197
Name Server: ns1.idclient.net | ns2.idclient.net
Registrant/Email Registrant: Data Sarana Nusantara/tatang.mulyana@gmail.com
Code: [Select]
hxxp://bursamobkas.com/us.bin         md5sum ===> 86ae7f11f444d437e0269eaa71fa9009
IP Location: China - China-Network-Communications-Group 
IP 218.24.113.3
AS4837
Name Server: ns1.acorngroupinc.com | ns1.acorngroupinc.com
Registrant/Email Registrant: Private Person/built@ppmail.ru
Code: [Select]
hxxp://weaktrash.ru/search/dontlook.exe         md5sum ===> adf6f6346ba1f432d8f792745233f71d
http://www.virustotal.com/file-scan/report.html?id=defe7dbcf714989a9553326bd332c6688d0541eb427c6efdd5f7af34d51f54cf-1318880099 (http://www.virustotal.com/file-scan/report.html?id=defe7dbcf714989a9553326bd332c6688d0541eb427c6efdd5f7af34d51f54cf-1318880099)
VT 8/42 (19.0%)


IP Location: China - China-Network-Communications-Group 
IP 218.24.113.3
AS4837
Name Server: ns1.acorngroupinc.com | ns2.acorngroupinc.com
Registrant/Email Registrant: Private Person/java@free-id.ru
Code: [Select]
hxxp://papertulip.ru/search/USA/updatenew.php
Title: Re: New files for Zeus servers
Post by: jackberri on October 19, 2011, 11:11:18 am
202.199.160.107
41.189.229.65
82.210.157.9
60.19.30.131
Registrant/Email Registrant: Private Person/steelcinetecs@free-id.ru
Code: [Select]
hxxp://steelcinetecs.ru/pla/folsk.php

Code: [Select]
hxxp://papertulip.ru/search/jeremy16.php
Title: Re: New files for Zeus servers
Post by: jackberri on October 20, 2011, 07:33:37 am
Code: [Select]
hxxp://193.169.218.210/logo/config.php
hxxp://193.169.218.210/main.php
Title: Re: New files for Zeus servers
Post by: jackberri on October 21, 2011, 05:49:38 pm
Code: [Select]
hxxp://tampusa.com/mb/l/ist.dat  md5sum ===> 11dbd5c7f2d826b374feeb3a34b29f26
Title: Re: New files for Zeus servers
Post by: jackberri on October 23, 2011, 11:29:31 am
Code: [Select]
hxxp://brentnallfg.com/zh.exe             md5sum ===> 8de257e7ac6d71c74ca0f4be31417a19
hxxp://financialactivson.com/zh.exe       md5sum ===> 8de257e7ac6d71c74ca0f4be31417a19
http://www.virustotal.com/file-scan/report.html?id=464371b6f2cd03f2e3d304f72c5533856ceacb32424fd689d441ac8bd0aaf1a6-1319368480 (http://www.virustotal.com/file-scan/report.html?id=464371b6f2cd03f2e3d304f72c5533856ceacb32424fd689d441ac8bd0aaf1a6-1319368480)
VT 9/40 (22.5%)

Code: [Select]
hxxp://gorycup.ru/search/foryou0.bin           md5sum ===> aa8ae2063e92e7b81a479969bafd480b
hxxp://weaktrash.ru/search/foryou0.bin         md5sum ===> aa8ae2063e92e7b81a479969bafd480b
hxxp://papertulip.ru/search/foryou0.bin        md5sum ===> aa8ae2063e92e7b81a479969bafd480b
hxxp://gorycup.ru/search/dontlook.exe          md5sum ===> 48d2ef8b511f645e73ee7d65a5e39830
hxxp://papertulip.ru/search/dontlook.exe       md5sum ===> 48d2ef8b511f645e73ee7d65a5e39830
http://www.virustotal.com/file-scan/report.html?id=406ce57991dfa4be954340b0e1b8d02f4973a795277723a0180c55eb9020edf8-1319371348 (http://www.virustotal.com/file-scan/report.html?id=406ce57991dfa4be954340b0e1b8d02f4973a795277723a0180c55eb9020edf8-1319371348)
VT 23/43 (53.5%)
Title: Re: New files for Zeus servers
Post by: jackberri on October 24, 2011, 06:35:24 pm
New md5sum:

Code: [Select]
hxxp://gorycup.ru/search/newcalc.exe             md5sum ===> c60a3292ac0701e066c1c0f414eb0770
hxxp://weaktrash.ru/search/newcalc.exe           md5sum ===> c60a3292ac0701e066c1c0f414eb0770
hxxp://papertulip.ru/search/newcalc.exe          md5sum ===> c60a3292ac0701e066c1c0f414eb0770
http://www.virustotal.com/file-scan/report.html?id=b90dd26a14956789c87d4779acc503467f35263df99c09defba0d84f322a5de0-1319480222 (http://www.virustotal.com/file-scan/report.html?id=b90dd26a14956789c87d4779acc503467f35263df99c09defba0d84f322a5de0-1319480222)
VT 9/43 (20.9%)

Code: [Select]
hxxp://gorycup.ru/search/dontlook.exe          md5sum ===> e8c92a7de613d358aa117a62b6807c07
hxxp://papertulip.ru/search/dontlook.exe       md5sum ===> e8c92a7de613d358aa117a62b6807c07
hxxp://weaktrash.ru/search/dontlook.exe        md5sum ===> e8c92a7de613d358aa117a62b6807c07
http://www.virustotal.com/file-scan/report.html?id=5fb0633ee4a80d32bc9e6f341f4f789def62431a6daa82f88b754db821c70877-1319480239 (http://www.virustotal.com/file-scan/report.html?id=5fb0633ee4a80d32bc9e6f341f4f789def62431a6daa82f88b754db821c70877-1319480239)
VT 3/43 (7.0%)
Title: Re: New files for Zeus servers
Post by: jackberri on October 25, 2011, 05:11:29 am
IP Location: Turkey - Coskunoz_Holding-ASN
IP 62.244.243.13
[www.copa.com.tr]
AS39253
Name Server: ns1.getinmo.net | ns2.getinmo.net
Registrant/Email Registrant: Private Person/softmarkets@ppmail.ru
Code: [Select]
hxxp://softmarkets.ru/adminochka/serv/forum/incom/winxpsp_ver209221.msi                 md5sum ===> ae6014727d8da464b2b304374192eb13
hxxp://softmarkets.ru/adminochka/serv/forum/incom/winxpsp_ver209221.exe                 md5sum ===> 34f6340c75c96d5e1737957eea47d763
hxxp://softmarkets.ru/adminochka/serv/message.php
http://www.virustotal.com/file-scan/report.html?id=764f3ebda63c0721cc6740633c6e7ea2cbcafc12d4ad8c1dd3c5c33507c883aa-1319519028 (http://www.virustotal.com/file-scan/report.html?id=764f3ebda63c0721cc6740633c6e7ea2cbcafc12d4ad8c1dd3c5c33507c883aa-1319519028)
VT 15/43 (34.9%)
Title: Re: New files for Zeus servers
Post by: jackberri on October 25, 2011, 07:21:04 pm
Code: [Select]
hxxp://wholenutrients.org/us.bin           md5sum ===> aa8ae2063e92e7b81a479969bafd480b
related md5sum 764b578d085e1af5ff40ffb804b200a4
Title: Re: New files for Zeus servers
Post by: jackberri on October 29, 2011, 05:45:38 am
New md5sum:
IP Location: Romania - UPC Broadband
IP 95.77.9.210
AS6830
Name Server: ns.1maimare.ro | ns.2maimare.ro
Registrant/Email Registrant: Elefterescu Andrei/andrei_alex_andrei@yahoo.com
Code: [Select]
hxxp://1maimare.ro/.backups/movies/mediaplayer.exe                 md5sum ===> 6a52972d8f07ea14fe89c8648295f85a
http://www.virustotal.com/file-scan/report.html?id=49d3d15626e2ac2f35c8de44b4a9404a785a5aa221bf56757e174486fda61a7d-1319866097 (http://www.virustotal.com/file-scan/report.html?id=49d3d15626e2ac2f35c8de44b4a9404a785a5aa221bf56757e174486fda61a7d-1319866097)
VT 4/43 (9.3%)
Title: Re: New files for Zeus servers
Post by: jackberri on October 30, 2011, 11:14:10 pm
Another WampServer:
Code: [Select]
hxxp:/188.219.154.228/ISAPI22460012100/get_adobeFlash.exe                 md5sum ===> 177e77d48bdf6424eaf0bbbff2905236
http://www.virustotal.com/file-scan/report.html?id=17ba640966b85410537423f2cee7ad3f80be7a53fdbf2916c6b4a4792a61ced6-1320015575 (http://www.virustotal.com/file-scan/report.html?id=17ba640966b85410537423f2cee7ad3f80be7a53fdbf2916c6b4a4792a61ced6-1320015575)
VT 32/43 (74.4%)
Title: Re: New files for Zeus servers
Post by: jackberri on November 04, 2011, 07:23:39 am
Code: [Select]
ftwtogether.ru.         214     IN      A       60.19.30.135
ftwtogether.ru.         214     IN      A       218.24.113.3
ftwtogether.ru.         214     IN      A       121.124.111.7
ftwtogether.ru.         214     IN      A       69.4.116.110
ftwtogether.ru.         214     IN      A       205.185.117.149

Code: [Select]
hxxp://ftwtogether.ru/zh.exe                 md5sum ===> 8b7d61bbee9adeb54f6a00f1b8a224b0
http://ftwtogether.ru/report.php
http://www.virustotal.com/file-scan/report.html?id=d259dc4d995ee7fc4e0c617f188a3ccee95b6867b97738d5c85c0a99f18055c5-1320390283 (http://www.virustotal.com/file-scan/report.html?id=d259dc4d995ee7fc4e0c617f188a3ccee95b6867b97738d5c85c0a99f18055c5-1320390283)
VT 23/43 (53.5%)
Title: Re: New files for Zeus servers
Post by: jackberri on November 04, 2011, 03:29:31 pm
Code: [Select]
hxxp://softmarkets.ru/adminochka/serv/forum/incom/winxpsp_ver209221.msi                 md5sum ===> 8da8438fcf57266490eb025abb049934
hxxp://softmarkets.ru/adminochka/serv/forum/incom/winxpsp_ver209221.exe                 md5sum ===> c25724fdec65d41e987acf60c8894829
http://www.virustotal.com/file-scan/report.html?id=3dafd37d7439ad23742d8cad1ddeaba6ac6d80f4ce3860ee66692b9dc37ddeab-1320412596 (http://www.virustotal.com/file-scan/report.html?id=3dafd37d7439ad23742d8cad1ddeaba6ac6d80f4ce3860ee66692b9dc37ddeab-1320412596)
VT 21/43 (48.8%)
Title: Re: New files for Zeus servers
Post by: jackberri on November 08, 2011, 12:02:51 am
IP Location: China - China-Network-Communications-Group
IP 60.19.30.135
AS4837
Name Server: ns2.advisorhirings.org | ns1.advisorhirings.org
Registrant/Email Registrant: PrivacyProtect.org/contact@privacyprotect.org
Code: [Select]
hxxp://veerpalace.biz/pic.gif              md5sum ===> 221a5598a4a3d700c987663b4d67ff86
hxxp://veerpalace.biz/update.exe           md5sum ===> 232250c8f5f2da31e3c468ce8327ca8f
hxxp://veerpalace.biz/opaopa.php
http://www.virustotal.com/file-scan/report.html?id=b203f61ce9214a52b4bcfa695813a0289a8377f8b9edf96b9abfea3d804b1111-1320709638 (http://www.virustotal.com/file-scan/report.html?id=b203f61ce9214a52b4bcfa695813a0289a8377f8b9edf96b9abfea3d804b1111-1320709638)
VT 3/42 (7.1%)
Title: Re: New files for Zeus servers
Post by: jackberri on November 09, 2011, 03:41:58 pm
Code: [Select]
IP Location: Russian Federation  - ANDERS-AS
IP 87.251.154.13
[t41.e61.su]
AS39792
Name Server: DNS01.GPN.REGISTER.COM | DNS02.GPN.REGISTER.COM | DNS03.GPN.REGISTER.COM | DNS04.GPN.REGISTER.COM | DNS05.GPN.REGISTER.COM
Registrant/Email Registrant: alva gregory /livemeee@gmail.com
hxxp://torscandpower.com/salvador1conf/settings.bin             md5sum ===> 6c8b645a1ef7440f7d0de508e2431e71
hxxp://torscandpower.com/memo1conf/settings.bin                 md5sum ===> 70fe2b44f369e736db3636f3358d9ca8
hxxp://torscandpower.com/salvador1conf/redir.php
hxxp://torscandpower.com/memo1conf/redir.php
hxxp://torscandpower.com/salvador1conf/config.php
hxxp://torscandpower.com/memo1conf/config.php
Title: Re: New files for Zeus servers
Post by: jackberri on November 09, 2011, 06:26:45 pm
New md5sum

Code: [Select]
hxxp://softmarket-drom.ru/adminochka/serv/forum/incom/winxpsp_ver209221.msi           md5sum ===> a487d677e9a24bdbcd0a392695593060
hxxp://softmarket-drom.ru/adminochka/serv/forum/incom/winxpsp_ver209221.exe           md5sum ===> a63a197f3b3e3133a3405fdf48f49851
http://www.virustotal.com/file-scan/report.html?id=cadba6d9f9375a5cfe939497b70f760c96254a10e661a858f0eb5889635fa85c-1320862350 (http://www.virustotal.com/file-scan/report.html?id=cadba6d9f9375a5cfe939497b70f760c96254a10e661a858f0eb5889635fa85c-1320862350)
VT 14/42 (33.3%)
Title: Re: New files for Zeus servers
Post by: jackberri on November 15, 2011, 04:06:37 pm
Code: [Select]
hxxp://softmarkets.ru/adminochka/adm2/forum/incom/winxpsp_KB2313165.msi         md5sum ===> a0c1b56d13218b77d53ef89b80f2dd6c
hxxp://softmarkets.ru/adminochka/adm2/forum/incom/winxpsp_KB2313165.exe         md5sum ===> bfa4f706bff49e6c3c04e714106bcdb0
hxxp://softmarkets.ru/adminochka/adm2/message.php
http://www.virustotal.com/file-scan/report.html?id=1c3048ce4f9b1030fdfd3a1a5d9bae4c96164bc5cf38dbe497689b9aaa74e416-1321372357 (http://www.virustotal.com/file-scan/report.html?id=1c3048ce4f9b1030fdfd3a1a5d9bae4c96164bc5cf38dbe497689b9aaa74e416-1321372357)
VT 19/41 (46.3%)


Code: [Select]
hxxp://87.251.154.13/spring1conf/redir.php
Title: Re: New files for Zeus servers
Post by: jackberri on November 18, 2011, 03:33:11 pm
IP Location: Ukraine - Infium Ltd
[ip-188-190-98-111.hosted-in.infiumhost.com]
IP 188.190.98.111
AS197145
Name Server: NS73.DOMAINCONTROL.COM | NS74.DOMAINCONTROL.COM
Registrant/Email Registrant: Mark Levi/yeseniaeri8889@yahoo.com
Registrant/Email Registrant: Iren Lostwin/quyyyaziz@yahoo.com
Code: [Select]
hxxp://kdjs982fjkdsfk.info/1515/a/ex         md5sum ===> cb1cd659e77d3b21b26cca0b12056922
hxxp://askds98ifdsfsd.info/1515/a/ex         md5sum ===> cb1cd659e77d3b21b26cca0b12056922
hxxp://188.190.98.111/1515/a/ex              md5sum ===> cb1cd659e77d3b21b26cca0b12056922
hxxp://188.190.98.112/1515/a/ex              md5sum ===> cb1cd659e77d3b21b26cca0b12056922
hxxp://kdjs982fjkdsfk.info/1515/a/rock.php
hxxp://askds98ifdsfsd.info/1515/a/rock.php
hxxp://188.190.98.111/1515/a/rock.php
hxxp://188.190.98.112/1515/a/rock.php
http://www.virustotal.com/file-scan/report.html?id=5154fad05fd65221d61106f205ada7ce985443506b945fb42d899344420eb1af-1321628218 (http://www.virustotal.com/file-scan/report.html?id=5154fad05fd65221d61106f205ada7ce985443506b945fb42d899344420eb1af-1321628218)
VT 21/41 (51.2%)
Code: [Select]
hxxp://188.190.98.112/index.php
Title: Re: New files for Zeus servers
Post by: jackberri on November 21, 2011, 03:37:02 pm
Code: [Select]
hxxp://adslayer.net/basket/cart.php
Title: Re: New files for Zeus servers
Post by: Xylitol on November 21, 2011, 09:35:24 pm
Code: [Select]
hxxp://ecommerceone.ru/zzz/
Zeus C&C edited but it's Zeus
Title: Re: New files for Zeus servers
Post by: jackberri on November 22, 2011, 06:20:18 pm
Code: [Select]
hxxp://ecommerceone.ru/control/config.php
Code: [Select]
hxxp://bestsoftics.ru/adminos/sneg/news/incom/config.php
Title: Re: New files for Zeus servers
Post by: jackberri on December 02, 2011, 07:05:56 pm
Code: [Select]
hxxp://cakerecipes.ru/yy.exe     md5sum ===> fe0c71d4351988b5f29d29c9378fe976
http://www.virustotal.com/file-scan/report.html?id=8350cec95986a7edf1c2bdfb431050b9bd6f532760ed9ca22dd64a758a92b750-1322851565 (http://www.virustotal.com/file-scan/report.html?id=8350cec95986a7edf1c2bdfb431050b9bd6f532760ed9ca22dd64a758a92b750-1322851565)
VT 34/43 (79.1%)

Code: [Select]
hxxp://buyakabuyaka.kiev.ua/job2/cfg.bin      md5sum ===> ba31abaed93827f31c3339b353be98bc
Title: Re: New files for Zeus servers
Post by: harry.tuttle on September 04, 2012, 12:17:31 am
hxxp://lewer.sk/plugins/search/cp.exe
MD5:    F86C59258413416E3853ACC9CDA5BBCA